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Introduction 



Your new ZoomAir AP128 provides ease and flexibility in 
extending a wired or wireless Local Area Network (LAN) for use 
with wireless clients. This Introduction includes the following: 

• A list of the components included with the unit and other 
items you will need. 

• Details of ZoomAir AP128 and its feature set as a wireless 
access point, ISDN router for WAN and Internet access, 
and remote access server. 

• An implementation plan or "road map" that guides you 
through several phases of installation and setup of 
ZoomAir AP128 and its integration into your LAN . 



Tip: Be sure to read the road map. I twill greatly simplify your 
understanding of the ZoomAir AP128 installation process. 
You can get up and running by mastering basic operations, 
and tackle more complex concepts and operations only as 
your future needs dictate. 



Overview 

The ZoomAir AP 128™ is a hardware access point for linking 
IEEE 802.11 D SSS-compliant wireless clients to each other and to 
a wired LAN . Laptop computers and desktop computers equipped 
with their own ZoomAir Wireless LAN Cards can communicate 
with each other, and with computers, printers, and other devices 
on your wired LAN . 

The ZoomAir A P 128 also provides routing and remote access 
services, giving multiple users on your network I SD N access to the 
I nternet or other Wide-Area N etwork (WAN ) and dial-in access 
for telecommuters. See the following illustration. 
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Desktop 



Beyond these features, the ZoomAir A P128 provides the means to 
create a versatile network, expandable as your networking needs 
grow. I nstalling a basic access point usually involves plugging in the 
ZoomAir PCMCIA radio card and its antenna, making two 
connections (data and power), and turning on the unit. 
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If ZoomAir Wireless LAN cards are installed at the same time on 
client computers, most users will not even need to reconfigure their 
network. 

For more demanding installations, on-board software is provided 
for straightforward setup of I SD N phone lines and a router with all 
the advanced features you are likely to need— encrypted password 
protection, NAT, static routing, IP packet filtering, DHCP, and 
RADIUS security. (These features are described later in this G uide; 
see the Table of Contents.) 

The on-board software can be run from nearly any computer using 
a Web-compatible browser (I nternet E xplorer 4.0 or later, or 
N etscape N avigator 4.0 or later). Administration of the LAN is 
simplified, thanks to DHCP (Dynamic Host Configuration 
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Protocol). DHCP dynamically assigns I P addresses to client 
computers. 

Contents of the Zoom Air AP128 Package 

TheZoomAir AP128 package includes the following components: 

• ZoomAir AP128 base unit 

• ZoomAir Wireless LAN PC Card 

• External antenna for the Wireless LAN PC Card 

• Black ISDN cable (RJ -45 to RJ -11) for connecting the 
ZoomAir A P128 WAN port to an I SD N jack 

• White Ethernet lOBaseT straight-through cable for connection 
of the LA N port to a network hub 

• G ray RJ-45 to RJ-45 cablefor connecting ZoomAir AP128 
Console port to the serial port of a computer 

• RJ-45 to D B-9 adapter to connect the console port cable to a 
9-pin serial port 

• Power adapter 

• Paper wall-mounting template and anchors 

• D ocumentation, including this book, for installing, configuring, 
and maintaining ZoomAir AP128. 

ZoomAir AP128 Features 

Access Point 

With an access point, you gain tremendous flexibility in planning 
and implementing your wireless LA N . For example, one of your 
sales representatives can come into the office with a laptop 
computer and link instantly to the network (with built-in security 
provisions). From the laptop, the sales representative can print to 
networked printers and copy files to and from other computers on 
the network. Also, desktop computers equipped with ZoomAir 
Cards can be located just about anywhere in an office without 
having to be wired to a hub. Changing offices requires no rewiring 
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and no changing of settings on the computer or central servers. 
D ifficult installations suddenly become easy! 

Router 

When a computer on the network asks for access to a device on 
the Wide Area N etwork (WAN ), including the Internet, ZoomAir 
AP128 makes the connection and then routes data back to that 
computer. When two or more computers are connected, ZoomAir 
A P128 acts as a traffic manager, routing information to and from 
the right computers. Typical applications are access to the I nternet 
through an I nternet Service Provider (I SP), and access to another 
LAN through its ISDN line. ZoomAir A P 128 can even provide 
filtering so that only certain computers on the network have access 
to the WAN. 

Remote Access Server 

ZoomAir A P 128 provides remote access to telecommuters or 
other dial-in clients through its built-in ISD N terminal adapter. 
This is ideal for a branch office or small office with occasional dial- 
in needs. The sales representative in the example above can dial in 
from home on an I SD N line and access the company's shared files 
or even browse the I nternet. A customer with a dial-in account can 
access company documents such as price lists or catalogs from a 
secure server. 

Security 

The Wireless PC Card included with ZoomAir A P128 is IEEE 
802.11-compatible, using D irect Sequence Spread Spectrum (D SSS) 
technology. Spread spectrum signals are inherently difficult for 
unauthorized users to decode. A Iso, all wireless nodes on your 
network must use a special Service Set I dentif ier (SSI D ) to be 
recognized. Finally, Wired Equivalent Privacy (WEP) software 
provides security that equals or exceeds that of wired networks. 

When used asa router, ZoomAir AP128 keeps your network 
secure through data filtering and authentication of remote users. 
Security features include CHAP and PAP, packet filtering, 
RA D I US, and callback. Y ou can choose the level of security 
appropriate for your LAN . 
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Managing Zoom Air AP128 



You have a choice of two ways to configure and maintain the 
Zoomair AP128. Each is contained within the unit's on-board 
memory: 

• WebM anage™ allows you to use a compatible Web browser 
on any computer on the network to configure ZoomAir 
AP128. WebM anage is password-protected so that only 
authorized users can set or modify ZoomAir A P 128 settings. 

• A console port lets you configure the unit directly from any 
computer by entering commands from a command line and 
sending them via the serial port. For console command 
documentation, see the Console Commands Appendix. 

Other Items You Will Need 

Depending on how you intend to useZoomAir AP128, you will 
need some additional items. 

When Used As an Access Point 

T he Z oomA ir A P 128's primary use is as an access point for 
wireless clients on your LA N . E ach wireless client must have an 
802.11-compatible wireless Network Interface Card (N IC) using 
D SSS technology. 



Tip: For ease of installation and configuration, we recommend 
the ZoomAir Wireless PCMCIA cards, which are pre- 
configured to work with ZoomAir A P 128. In most cases, 
minimal setup is required. 

For additional information, see the software requirements for the 
client. 

When Used Asa Bridge/ Router 

Although ZoomAir A P 128 functions well as a stand-alone Access 
Point for an all-wireless network, it is more likely that you will use 
it to connect to a wired LA N to provide seamless connectivity 
between wired and wireless clients. When ZoomAir A P 128 is used 
in this bridging capacity, you will need the following: 
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• A hub connected to your network, with an available lOBaseT 
Ethernet port into which you can connect ZoomAir AP128 

If you want to set up your ZoomAir AP128 asarouter to provide 
I nternet or remote LA N access to clients on your LA N , you will 
need the following: 

• An ISDN line, including an I SD N account with your phone 
company and a wall jack convenient to your LA N installation 

• An I nternet Service Provider account, or some other WAN 
service, that supports I SD N 

The ZoomAir AP128 can also be used to bridge two LANs via an 
ISDN connection. 

When Used As a Remote Access Server 

ZoomAir A P 128 can operate simultaneously as a WAN router and 
as a server for remote dial-in clients (either other LA N s or 
individuals such as telecommuters). Remote clients must have an 
ISD N terminal adapter (sometimes called an ISD N modem), an 
ISD N account and line, and appropriate dialing software. 

Management Options 

The program for setting up and maintaining ZoomAir A P 128 is 
contained in its firmware. 

The most convenient access to this software is through a computer 
connected to the wired portion of the LAN or connected directly 
to the Ethernet port on ZoomAir AP128: 

• An IBM -compatible PC or Macintosh with a compatible Web 
browser for accessing the on-board WebM anage utility to set 
up and maintain ZoomAir A P 128 

For connecting a computer directly to the Ethernet port of 
ZoomAir AP128, you will also need the following: 

• A crossover twisted-pair lOBaseT cable (RJ45 to RJ 45) (not 
included). 

Another way to configure and maintain ZoomAir A P 128 is by 
using a command-line program accessible through its console port 
using the RS-232 cable supplied with the unit. You may also need 
an adapter for attaching the console cable to your computer's serial 
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port: a D B-9 to D B-25 adapter for a PC or a D B-9 to 8-pin M ini- 
D I N for a M acintosh. See your computer's documentation for 
more details. 

Note: The hub, AC outlet, and ISDN line should be located near 
the place where you will be installing ZoomAir A P 128. 



Road Map 

The ZoomAir A P128 can be as simple or complex as your 
networking needs, and it can grow with you as your network grows. 
The implementation strategy in this manual is to divide the 
installation into four phases that are more or less self-contained; 
each phase builds on previous phases. Therefore, you need to go 
only as far as your current needs require. 

The installation instructions in this manual, especially in the first 
two phases, can be followed by most people with little or no 
networking experience if the number of wired and wireless clients 
on the network is between 2 and 20. For networks with more than 
20 clients or for complicated installations involving multiple 
routers or security considerations beyond the basics, we expect that 
users will have an in-house M I S staff or retain the services of a 
networking consultant. Y our reseller should be able to supply or 
recommend the consulting and installation assistance you'll need. 

Following is a preview of the implementation or installation phases; 
each phase corresponds to a chapter number in this book. There 
are two variations of Chapter 2, and they are numbered 2A and 2B . 

Creating an All-Wireless Network 

In Chapter 1, you set up and test ZoomAir AP128 and the 
ZoomAir wireless clients as an all-wireless network. The 
installation in most cases involves plugging in the ZoomAir AP128 
unit and installing ZoomAir radio cards in client computers. 
D efault settings are taken care of automatically, and your wireless 
network is as close to "plug and play" as you can get. If all you 
need is an access point to extend and manage an all-wireless 
network, you are finished— you have created an instant LA N . 

At this point, you may have all that you need in a LAN . If all of the 
clients can communicate with each other through the access point, 
you can stop here, or go on to Chapter 4 to add I SD N and snared 
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I nternet access, WA N access to a remote LA N , or remote access 
service. If you require multiple access points or otherwise need to 
have a wired LAN component, go on to Chapter 2A or 2B. 

Adding New Wired Ethernet Clients to Your 
Wireless Network 

In Chapter 2A, you add wired Ethernet LAN clients to your all- 
wireless network from Chapter 1. Your wireless and wired clients 
can all communicate with each other. Once theZoomAir AP128 is 
properly set up, the wireless and wired LA N operate as one LA N 
without any distinction between the two. 

Adding Your Wireless Network to an 
Established Wired Network 

In Chapter 2B, you plug your all-wireless LAN into an existing 
wired Ethernet LAN . Because you have set up and tested ZoomAir 
AP128 in an all-wireless network in Chapter 1, you know that the 
wireless part of your network is already working. 

Note: When you have completed Chapter 1 and the applicable 
portion of Chapter 2, you will have a fully functioning 
LAN , with wired and wireless clients working seamlessly 
together. You will not have needed to know much about 
the intricacies of networking. 

Ensuring Wireless Security 

I n Chapter 3, you can add security features to your wireless 
network. Wireless LANs that conform to the 802.11-D S5S 
standard provide three security measures: a unique network name 
called the Service Set I dentifier (SSI D ); a channel number, which is 
similar in concept to the channels used in wireless telephones; and 
Wired Equivalent Privacy (WEP), which provides a way of creating 
an electronic "key" and locking out anyone who does not have the 
key. 

Setting Up ISDN and WAN 

Once you have completed Chapters 1, 2, and 3, you can add 
routing functions to your network. Because you are proceeding in 
phases, you already know that you have a functioning network with 
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a wireless access point. I n Chapter 4, you connect your network to 
the outside world. 

I implementing I SD N involves using Zoom's WebM anage utility to 
enter information provided by your telephone company about your 
ISD N phone numbers. With a few clicks and keystrokes, you'll 
have your LA N ready to dial out or receive data calls. 

Your WAN (W ide A rea N etwork) connection— to an Internet 
Service Provider or to another LA N in your company— can be as 
simple as using WebM anage to tell ZoomA ir A P128 the phone 
numbers and passwords. 

When ISDN and your Internet connection have been setup, 
everyone on your LAN — wired and wireless clients— can have 
access to the I nternet through one account. 

You can also set up ZoomA ir A P 128 to provide remote access 
service (RAS), so that members of your organization can dial in to 
your network from home or a branch office and have access to the 
files on your network. Passwords and authentication procedures 
keep your data safe from snoops. 

Implementing Additional Network Controls 

Because ZoomA ir A P128 includes the capabilities of a full-featured 
router, it also contains provisions for sophisticated network access 
control and security. Your company's network administrator, or a 
consultant referred by your reseller, can assist you in setting up or 
modifying settings for DHCP, NAT, static routes, and IP filtering. 



Document Conventions 

This G uide uses various typefaces and styles to indicate specific 
meanings. 

screen text — Represents variable text that will appear on 
your monitor. 

Keyboard text — Represents text that you must type exactly 
as shown. 

variable text — Represents text that you must type, but not 
exactly as shown. 
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[Keyboard text] or [Variable text] — Represents 

text that is optional, either exact or variable. 

Regular text in bold — Represents control keys such as E nter or 
E scape that you must press, or dialog box titles, labels, 
and items that you must click on. 
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1 

Creating an All-Wireless 
Network 

In Chapter 1, you create a wireless network by setting up the 
ZoomAir AP128 and installing ZoomAir Cards on your wireless 
clients. If this is a new installation, you can use the default 
settings for identifying and addressing your access point and 
clients. If you use the defaults, your ZoomAir Wireless LAN is 
almost plug-and-play. 

Topics covered in this chapter include the following: 

• Selecting a location for the ZoomAir AP128. 

• Setting up the ZoomAir AP128. 

• Installing and configuring the ZoomAir clients. 

• Setting up the ZoomAir AP128 on an existing wireless 
network. 

• Testing and troubleshooting. 

Selecting a Location for the ZoomAir 
AP128 

As an access point for a wireless LA N , the ZoomAir A P128 unit 
must be located so that it can pick up radio signals from the client 
computers equipped with wireless LAN devices. ZoomAir A P 128 
will work best as an access point if it is centrally located with 
respect to existing or potential wireless clients. The range of a 
ZoomAir access point or client is approximately 300 feet 
(approximately 90 meters) in a typical partitioned office or 1000 
feet (about 300 meters) in unobstructed line of sight. Remember: 
The effective range depends on the composition of the walls and 
floors of your building. I nside a wiring closet may not be the best 
location for a wireless access point. For additional tips, see the 
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Antenna Options & Installation Instructions Flyer included in 
your Z oomA ir A P128 package. T he documentation for the 
ZoomAir Wireless LAN products also contains suggestions for 
determining the best location for your access point. 

If you are planning an all-wireless network (with no Ethernet 
connection to a wired LAN ), you are currently limited to one 
access point. If you are planning to connect your wireless clients to 
a wired LA N , you can have multiple access points. 

You can extend the range of coverage for wireless clients by 
installing additional access points (for use with a wired LAN ) 
and/ or by purchasing optional antennas for the ZoomAir A P128 
unit(s). Please see the enclosed flyer for details and ordering 
information. 

For your initial setup, you may find it convenient to set up the 
ZoomAir A P128 in the same room as one of your intended 
wireless client computers. You can move the access point unit to 
its permanent location when you have ascertained that it is working 
properly. 

Other Considerations 

Your plan for the permanent location of the ZoomAir A P128 
should also include the following: 

Power: You'll need an electrical outlet for the power adapter. 

Ethernet: If you plan to connect to a wired LAN , the ZoomAir 
AP128 unit must be located near an available Ethernet connection 
such as a port on a hub or an unused workstation connection. 

I SD N : I f you plan to use the I SD N terminal adapter built into 
ZoomAir A P128 (for an Internet or WAN connection, or for 
remote access), the unit must be located near an I SD N jack. 



Note: For dial-out configurations, the ZoomAir A P128 is not 

designed to interoperate with D ial-up N etworking, so you 
should disable DUN when you set up your ZoomAir 
AP128 unit. 
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Setting Up the ZoomAir AP128 



Even if you ultimately plan to use the ZoomAir A P 128 as an access 
point for a wired Ethernet LAN , we recommend that you set up 
the wireless portion of your LA N before connecting it to your 
wired LAN . This way, you can verify that the wireless portion of 
your LA N is working properly and do any trouble-shooting before 
adding any further complexity. 

If you are setting up a wireless network for the first time, you have 
probably purchased the ZoomAir AP128 and at least one 
additional ZoomAir Wireless LAN Card. 

General Strategy 

Install the ZoomAir AP128 first, then install the ZoomAir Card on 
each computer that will be a wireless client. If you use all of the 
out-of-the-box defaults, you will have a working wireless LAN in 
the time it takes you to do the following: 

• Plug in the ZoomAir A P128 unit and slide in the wireless radio 
card that came with it. 

• Plug in a ZoomAir Card in the first client computer and run 
the installation program contained on the CD that came with it 
(V2.40 and higher; floppy disks provided with lower versions). 
As an option, use this client to set up the ZoomAir AP128 unit 
and to generate installation diskettes for all other clients. 

• Plug in a ZoomAir Card in each remaining client computer. As 
an option, run the simple CD wizard program to use the 
floppy disk(s) created above. 

Procedure 

Follow these steps: 

G ently insert the ZoomA ir Card in the slot marked 
WIRE LE SS LAN on the back of the ZoomAir A P 128 unit. 
The ZoomAir label on the thinner front section of the card 
should be facing up. 

Slide the card in carefully until you feel some resistance; then 
push it gently into place. Do not force it, or you may bend 
the pins in the slot. 
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Remove the antenna from the box. The antenna is L-shaped 
and the short part of the L has a built-in connector with a 
silver hexagonal collar. The ZoomAir Card has a mating 
connector with a knurled brass collar. 

To maintain consistent antenna orientation, hold the antenna 
vertically and gently tighten its hexagonal collar until the 
antenna stays in place. Do not attempt to turn the knurled 
brass collar on the card. It is glued in place. 

Note: If you later want to reposition the antenna due to 
orientation changes, you must first loosen the antenna's 
hexagonal nut, reposition the antenna, and then retighten the 
nut. 

Plug the power adapter into the 12VDC jack on the ZoomAir 
AP128. Then plug the power cube into an AC outlet. 



CAUTION different voltages. 

Turn on the power switch at the back of the unit. Be sure you 
can see the L E D s. 

Check the ON light to make sure that the unit is receiving 
power. It takes two to three minutes for the ZoomAir AP128 
to initialize completely. 

Installing and Configuring ZoomAir Cards 
on Client Computers 

The ZoomAir AP128 is now installed and sending radio signals, 
trying to connect to a wireless client. Of course, at this point it has 
nobody with whom to communicate. The next step is to install 
ZoomAir radio cards in the client computers that will makeup 
your wireless network. When that is done, all your wireless client 
computers will be communicating with each other— capable of 
sharing data files and printers— using the Z oomA ir A P128 as an 
access point. 

In this section, the first step is to install a ZoomAir Card on the 
first of your client computers. The default installation automatically 




D o not use a power adapter other than the 
one supplied with theZoomAir AP128. 
Adapters may look similar but have very 
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sets up this client to communicate with theZoomAir AP128 using 
preprogrammed fixed I P addresses. You can then use this 
communication link to run the WebM anage utility built into the 
ZoomAir AP128. Using this utility, you can set up theZoomAir 
AP128 to enable it as a D H CP "server" so that it can provide 
addresses automatically to all the subsequent ZoomAir clients. 

Installing the First ZoomAir Client 

Follow these steps: 

M ake sure your ZoomAir A P128 is turned on. The red 

indicator light on theZoomAir Card should be on, and the 
green light should be flashing. 

Install the first of theZoomAir client cards in one of the client 
computers according to the directions in the documentation 
that came with the card. 

If you are using Zoom-only products, select the AP128 install 
option and follow the instructions on-screen. 

For non-Zoom clients 

If you are using non-Zoom products, for the first client 
computer you must assign an I P address so that the A P 128 
and the client can recognize each other. 

• 0 n the desktop of the computer, click on Start | Settings 
| Control Panel. D ouble-click on the N etwork icon. 

• Scroll down to theTCP/ IP -> entry for the ZoomAir 
card and highlight it by clicking on it. Click on the 
Properties button. 

• I n the next dialog box, click on the I P Address tab. Click 
on the radio button next to Specify an I P address. E nter 
an IP address and an ISP mask. Click OK to close the 

N etwork dialog boxes. Restart your computer. 



Note: This client must have N etscape N avigator 4.0 or later, 
or Internet Explorer 4.0 or later installed on it, and it 
must be configured to connect via a LA N . See your 
browser instructions if you need help. 
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As part of the client installation (V2.40 or higher), an icon for 
the ZoomA ir A P128's on-board WebM anage utility will be put 
on the computer's desktop. Double-click on this icon. The 
browser on the computer will access WebM anage. 

Note: I f this icon doesn't appear, you have two alternatives. 
You can try connecting your Web browser to 
http:/ / 192.168.0.240. 0 r you can use the console to 
enter the necessary commands from the command 
line. For console command instructions, please turn to 
Appendix B. 

The first time you access WebM anage, you will see the System 
I nformation page with places for you to enter your username, 
password, and other information. After that, when you access 
WebM anage, you will be prompted for your username and 
password. 



Hp: Write down your User N ameand Password and keep 
them in a safe place. You will need them any time you 
need to access WebM anage. 

What you are actually seeing is the control panel for the 
ZoomA ir AP128— you are already communicating with your 
new access point! 

Configuring DHCP 

Click on the Configuration button at the top of the page. A 
column of menu buttons will appear on the left. 

Click on theDH CP button on the left of the screen. Seethe 
following illustration: 
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Click on the checkbox next to Enable DHCP Server. Click 
the Save button to usetheZoomAir AP128 defaults. The 
ZoomAir AP128 is preprogrammed with a pool of addresses 
for as many as 30 clients. 



Note: If you are not using the default address of the 

ZoomAir A P 128, you must change the addresses in 
the Dynamic Address Assignment Pool. See page 85. 

I n the main screen of WebM anage, click on the Maintenance 
button at the top of the page. Click on the Restart button on 
the left to restart the ZoomAir A P 128. Exit the browser at this 
point. 

Make sure you set up this first ZoomAir client to share 
printer(s) and file(s) by following the documentation that came 
with the ZoomAir Cards. 

The wireless client you have just installed was given a fixed I P 
address as part of its installation; it is not receiving an I P address 
from the ZoomAir AP128. You do not need to change this; its IP 
address is not in the same range as the pool of addresses 
programmed into the ZoomAir AP128. You may, however, change 
this client so that it will get its I P address from the D H CP server. 
You can do this as follows: 
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0 n the desktop of this computer, click on Start | Settings | 
Control Panel. D ouble-click on the N etwork icon. 

Scroll down to theTCP/IP-> entry for the ZoomAir card 
and click on it. Then click on the Properties button. 

1 n the next dialog box, click on the I P Address tab. Click on 
the radio button next to Obtain an IP address 
automatically. Click OK to close the N etwork dialog boxes. 
Restart the computer. 

Installing Subsequent ZoomAir Clients 

Now install the ZoomAir Cards on the remaining computers that 
will make up your wireless network. Follow the instructions in the 
documentation that came with the ZoomAir Cards. Use thefloppy 
diskettes that were created when you installed the first client. When 
the installation program asks you about DHCP, indicate "I H ave a 

Setting Up the ZoomAir AP128 on an 
Existing Wireless Network 

If you have purchased the ZoomAir AP128 to add to an existing 
wireless network, the installation is only slightly more complicated. 
T here are several possible scenarios using Z oomA ir products: 

• An all-wireless wireless network with standard versions of 
Z oomA ir Cards (M odels 4000-4007). 

• A ZoomAir wireless network with a software access point 
(Model 4010). 

In these cases, uninstall the ZoomAir Card and reinstall with the 
latest drivers. You can find the latest driver information at the 
Zoom Web site at www.zoom.com. 

If you are already familiar with ZoomAir wireless networking, you 
will know that you have to make sure that all wireless clients and 
the access point(s) are set up with the same SSI D (and WE P key, if 
it is used). Access points usually manage the channel designation, 
but you may need to make some manual changes there also. 

For other networks containing non-Zoom wireless devices, the 
devices must be I E E E 802.11 D SSS compliant and have provisions 
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for setting SSID and channel. If you want to use Wired Equivalent 
Privacy (WE P), the devices must also provide for setting this 
feature by directly manipulating the hexadecimal codes (it is 
unlikely that their method of generating hex codes will be 
compatible). 

Testing and Troubleshooting the Wireless 
LAN 

0 nee you have your access point and wireless clients set up, you 
can run some simple tests to be sure it's working. 

Try exchanging files with the clients farthest from each other. Try 
to print from one computer to the printer attached to another 
computer. 

A fast, reliable way to check to see if a particular client is listed is to 
go to Start | Find Computer, and enter the name of that 
computer. 

You can also try the ping command: At the command prompt, 
type ping 192.168.0.240 (assuming you are using the 
default address of the Z oomA ir A P 128 unit) and press E nter. I f 
response times are displayed, the unit is functioning; if you get 
timeouts, the unit is not connected or not turned on, or the address 
is wrong. 

1 f you encounter any difficulties, check the following: 

• All ZoomAir Cards are firmly plugged in. The red light 
indicates that the card is receiving power. A slowly flashing 
green light on the Z oomA ir A P 128 indicates that the Z oomA ir 
Card is linked to the network. The ZoomAir client computers 
will display a green monitor icon in the system tray when the 
client is linked to the network. The icon will be red if the client 
is not linked. 



N ote: Remember, the Z oomA ir cards are not hot-swappable: 
You must power down each and every time you remove a 
ZoomAir card. 

• M ake sure all wireless clients and the ZoomAir A P128 have 
the same SSI D (and W E P key if it is used). 
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• A ntennas are oriented correctly. 

• All computers are turned on. 

• E ach computer has file and printer sharing enabled, as 
appropriate, and there is at least one folder set up for sharing. 

• N etwork N eighborhood has been given enough time to 
recognize all the clients on the network (N ote: This can take 
several minutes). To quickly check to see if a particular client is 
listed, go to Start | Find Computer and enter the name of 
that computer. 

• The clients are not too farfrom theZoomAir A P128 unit. 
Although the range in a typical office is 300 feet (about 90 
meters) and 1,000 feet (about 300 meters) in unobstructed line 
of sight, any obstacles may diminish the range. Thick metal 
objects may totally block the signal. 

• The ZoomAir AP128 unit is receiving power. 

• The correct printer driver is installed on the computers from 
which you are sending print jobs to a remote printer. 

• I f the computer is checked to obtain the I P address from the 
DHCP server, make sure an appropriate I P address is assigned 
to it. 
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Connecting an All-Wireless 
Network and a Wired Network 

0 nee you've set up your ZoomAir Wireless LAN according to 
the instructions in Chapter 1, it is a simple matter to add wired 
LAN clients to it. We've divided this chapter into two parts, 2A 
and 2B. In 2A, we assume that you are setting up a 
combination wired and wireless LAN for the first time. In 2B, we 
explain how to add the ZoomAir AP128 if you already have an 
existing wired network. 

2A: Adding New Wired Ethernet Clients to 
Your Wireless Network 

This section covers the following topics: 

• Installing the N IC cards on client computers. 

• Providing IP addresses. 

• M aking the connections to a hub. 

Installing the NIC Cards on Client Computers 

E ach computer on the wired portion of your LA N will need to 
have a Network Interface Card, or N IC card, installed on it. Also 
each computer will need to be configured for networking. If this is 
an initial installation of an Ethernet or wired LAN , you will also 
need to purchase a hub to link the computers together, and enough 
Ethernet cable (typically lOBaseT, CAT 5) and connectors to hook 
up the network. 

Tip: Some vendors offer N I C cards and cables as complete 
networking kits. 
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Note: The ZoomAir AP128 does not support cables designated 
as 100BaseTX ("Fast Ethernet") and 10Base2. 

For most small installations, one hub will suffice; just be sure that it 
has enough ports for all the wired-LA N computers plus one for the 
ZoomAir A P 128. For larger installations, you can use multiple 
hubs or a larger-capacity hub (which may be easier). 

For physical installation of the hardware, follow the directions in 
the documentation for the N I C cards and/ or kits you have 
purchased. When you get to the part of the documentation for 
setting up the network (especially I P addressing), read the following 
section of this Guide first. If you are adding theZoomAir AP128 
to a pre-existing wired LA N , you need to check the default I P 
settings for theZoomAir A P 128 unit; you may need to change 
them. 

Providing IP Addresses 

When you are configuring your new N I C cards, the setup software 
or the documentation may ask you to decide whether to specify I P 
addresses ("static" addresses) or obtain an I P address automatically. 
We recommend setting up each N IC card to obtain an I P address 
automatically through theZoomAir A P128's DHCP server. 

As appropriate to your situation, set up each computer for file and 
printer sharing. Consult your Ethernet N IC card documentation. 



Note: TheZoomAir A P 128 and clients must be running so that 
the A P 128 can provide IP addresses to the clients. The 
AP128 must be connected through a hub to the wired 
portion of the LA N (see the next section) to provide 
addresses to wired clients. 



Making the Connections to a Hub 

0 nee all your wireless and wired members of the LA N are set up, 
you can connect each wired computer and theZoomAir A P 128 to 
a hub. This is typically done with lOBaseT cables terminated with 
RJ -45 connectors (they look like thick telephone plugs). The 
ZoomAir A P128 comes with a white lOBaseT cable that plugs into 
the LAN jack on the back of the unit. 

If they are not already running, turn on the ZoomAir A P 128 (make 
sure to wait for it to finish booting) and then turn on the 
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computers on your LA N . Computers that are already running 
should be restarted so that the D H CP server in the ZoomAir 
AP128 unit can provide them with addresses. 1 1 may take a few 
minutes for the wireless clients to establish their connections. 

2B: Adding Your Wireless Network to an 
Established Wired Network 

This section covers the following topics: 

• M aking the IP addresses of the wired and wireless LAN 
compatible. 

• M aking the connections to a hub. 

Making the IP Addresses of the Wired and 
Wireless LAN Compatible 

I f you are unfamiliar with the term I P addressing, it is the means by 
which the LA N identifies each computer or other device 
(sometimes called a "host") connected to the network. The I P 
address consists of four numbers separated by periods. I P 
addresses function very much like telephone numbers. With 
telephone numbers, there is an area code that identifies a region 
and an exchange that identifies a town or neighborhood. The final 
digits of the telephone number identify a unique account in a 
household or office. With most I P Class C addresses, the first three 
numbers identify the network and the final number identifies a 
particular device. For more on I P addressing, please turn to 
Appendix C on page 125. 

I P addresses may be set by you or a network administrator, or they 
may be supplied to each network device automatically 
("dynamically") by a device called a DHCP (Dynamic Host 
Configuration Protocol) server on your network. 

If you enabled DHCP when you set up the ZoomAir A P 128 and 
the ZoomAir client cards, the wireless portion of your LAN has 
already been set up with dynamic I P addresses using the D H CP 
server built into the A P 128 (see Chapter 1). 

The address for the ZoomAir A P128 is 1 92 . 168 . o . 24 0, and 
the first address pool for D H C P is in the range of 
192. 168. 0.210 to 192. 168.0 .239. Thefirst three groups, 
1 92 . 1 68 . o, are often used to define internal LA N s because they 
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are among a set of addresses that are known not to conflict with 
I nternet addresses. 

H ere are some alternatives you can consider in joining your wired 
and wireless LANs. 

• I f you have only a few wired clients, and they now have fixed 
addresses, you can implement DHCP in the wired clients and 
let the D H CP server in the ZoomAir AP128 manage all 
addresses. 

• If you have a moderate-to-large wired LAN that is already 
served by a D H C P server other than the Z oomA ir A P 128, you 
can use Web Man age to (1) change the ZoomAir AP128 
address to one that is compatible with the wired LA N and (2) 
disable D H CP on the ZoomAir A P 128. The clients on the 
wireless portion of your LAN , already set up as D H CP clients, 
will simply get their addresses from the D H CP server on your 
wired LAN . 

• I f you have a wired LA N with all fixed addresses and no 
DHCP server of its own, and you do not want the ZoomAir 
AP128 D H CP server to provide addresses, you can use 
WebManageto disable DHCP and provide the ZoomAir 
AP128 with an address that is compatible with the wired 
portion of the L A N . Y ou will then have to change the I P 
addresses of the ZoomAir wireless clients to ones that are 
compatible with the rest of the wired LA N . 

Implementing DHCP in Wired Clients 

To implement DHCP, you have to visit each computer and make 
changes through its N etwork Control Panel. The various versions 
of the Windows operating system may display information slightly 
differently, but the following should be a good guide: 

0 n the desktop of each computer, click on Start | Settings | 
Control Panel. D ouble-click on the N etwork icon. 

Scroll down to the TCP/ IP ■> entry for the NIC card 
installed on the computer and highlight it by clicking on it. 
Click on the Properties button. 

1 n the next dialog box, click on the I P Address tab. Click on 
the radio button next to Obtain an IP address 
automatically. Click OK and close the N etwork dialog boxes. 
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Restart the computer. 

You are now ready to connect theZoomAir A P128 to your wired 
LA N . Y ou can skip the next sections and go directly to M aking 
the Connections to a H ub on page 38. 

Changing the IP Address of the ZoomAir AP128 
and Disabling DHCP 

Presumably, you have already enabled DHCP in theZoomAir 
AP128 by following the instructions in Chapter 1. This was not a 
wasted step; by installing your wireless network first, in its simplest 
configuration, you were able to verify that it was working properly. 
N ow it's a fairly simple matter to reverse the process. 

First, however, you need to find out the network address of the 
wired portion of your LA N and use that information to provide a 
new address for the ZoomAir A P 128. Continue with the following 
section. 

Getting Your Wired Network Address 

There are a few possible sources of your wired network address— 
your organization's network administrator or the person who 
installed your network, or an outside networking consultant who 
can determine the available addresses. Your Zoom vendor or 
reseller should either have consultants on staff or be able to 
recommend someone. The goal is to get a unique static I P address 
for the ZoomAir AP128 unit that is part of the "family" of 
available addresses for your existing LAN . You will also need your 
LAN'sNetmask(255.255.255.o unless your LAN has 
subnets). (For more information on subnets and netmasks, see 
Appendix C: IP Networking Basics.) 

For your convenience, write the new address for your ZoomA ir 
A P 128 here: 
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Using WebManage to Change the IP Address of ZoomAir 
AP128 

You can change the IP address of the ZoomAir AP128 unit from 
any computer on your wireless network. The computer must have 
N etscape N avigator 4.0 or later, or I nternet Explorer 4.0 or later. 

Follow these steps: 

Make sure your ZoomAir A P 128 isturned on. 

Note: Your browser should be configured for LAN access. If 
you have previously used your browser for dial-up 
access, you will need to change it to LAN access. 

When you installed your wireless clients, the installation 
process placed a WebManage icon on the desktop. Double- 
click that icon to start the WebM anage utility. 

I f you cannot find the WebM anage icon, start your browser. I n 
the location space, type 192 . 168 . 0 . 240 and press E nter. 
This is the default address of ZoomAir A P 128. 

We assume that you have already accessed WebM anage as part 
of enabling DHCP in Chapter 1. If that is the case, you will be 
asked for your password. Type it in and follow the prompts. If 
you have not used WebM anage yet, see C hapter 1. 

Click on the Configuration button at the top of the screen. 
Then click on the LAN button on the left side of the screen. 
The following screen will display: 
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ZoomAir API 28 - LAN -192.168.0.240 - Netscape 



File Edit View Go Window Help 



LAN 



The following settings apply to both the Wireless and Ethernet LANs! 



IP Address: [l92 ■ 168, 0.2 40 RIP Version: | 2B _j 




Netmask:|2 55,2 55,2 55,0 RIP Pemiissions:| Hone _j 
Broadcast: [192.168. 0.2 55 Filter Proffle: | 0 jj 

Enable IP Routing: F 
Bridge Non-Routed Protocols: V 



ancel | Save | 



|Document: Done 




Fill in the IP Address box with information you have derived 
from your existing wired LAN . The N etmask should remain as 
it is. The Broadcast address should be the same first three 
number groups as the IP address, with 255 as the last 
number. D o not change any of the other settings. Click on the 
Save button. 

When you have successfully saved the new information, go on 
to the next section. D o not exit your browser yet. 



Note: If you don't want to disable D H CP, or if D H CP is not 
enabled, make sure to restart the A P 128 at this point to 
activate the new address. 



Disabling DHCP 

Follow these steps to disable DHCP in the ZoomAir AP128: 

I n the main Configuration screen in WebM anage, click on the 
DHCP button on the left of the screen. 

Click on the checkbox next to Enable DHCP Server to 

remove the check from the box. 

Click on the Save button. 

At the top of the WebM anage screen, click on the 
Maintenance button. 0 n the left side of the screen, click on 
the Restart button and follow the prompts. Exit your browser. 
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Finishing Up 

At this point you have given theZoomAir A P 128 a fixed address 
that is compatible with the rest of your wired LA N , and you have 
disabled its D H CP server. If your wired LAN has a D H CP server, 
you are ready to connect theZoomAir A P 128 to your wired LAN . 
You can skip the next section and go directly to Making the 
Connections to a H ub on page 38. 1 f your wired LA N uses fixed 
I P addresses, you need to provide addresses for the wireless clients. 
Continue below. 

Providing IP Addresses for the Wireless Clients 

For each ZoomAir-equipped computer on your network, you will 
need to make changes in the N etwork Control Panel, as follows: 

Click on Start | Settings | Control Panel. Double-click on 
the Network icon. 

I n the Configuration tabbed page, find the entry that begins 
TCP/IP -> and continues with the name of theZoomAir 
card that is installed on this computer. 

(If you don't haveTCP/ IP, you'll need to add it. In that same 
Configuration tabbed page, click on the Add button. Select 
Protocol and click Add. U nder M anufacturers, select 
M icrosoft and T C PI I P and click 0 K.) 

H ighlight the TCP/ IP entry by clicking on it; then click on 
the Properties button below. 

In theTCP/ IP Properties dialog box, click on the IP 
Address tab. 

Click on the radio button labeled Specify an IP address. 

E nter an I P Address not already in use and enter the Subnet 
M ask. 

Click on OK; restart the computer if you are asked to do so. 

Repeat this process until all ZoomAir-equipped computers have 
been reconfigured. 

Making the Connections to a Hub 

With all of your wireless and wired members of the LAN set up, 
you can now connect theZoomAir A P 128 to a hub that is 
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connected to your wired LAN . This is typically done with the white 
lOBaseT cable provided with the unit. Plug one end of the cable 
into the LAN jack on the ZoomA ir A P128 and the other end into 
the hub. 

If they are not already running, turn on the ZoomA ir AP128 and 
then the computers on your LAN.lt may take a few minutes for 
the wireless clients to establish their connections. Any computers 
that are already running should be restarted, especially if you have 
changed their networking configurations. 

2C: Testing and Troubleshooting the 
Wireless/ Wired LAN Combination 

A fast, reliable way to check to see if a particular client is listed is to 
go to Start | Find Computer and enter the name of the 
computer. 

Try printing to the printer connected to a networked computer, 
and try to open or copy files from remote clients. 

I f you encounter difficulties, check the following and make any 
necessary modifications: 

• All ZoomAir Cards are firmly plugged in. The red light 
indicates that the card is receiving power. When used as an 
access point, a slowly flashing green light indicates that the 
ZoomAir Card is linked to the network. The ZoomAir client 
computers will display a green monitor icon in the system tray 
when the client is linked to the network. The icon will be red if 
the client is not linked. 

• M ake sure all wireless clients and the ZoomAir A P128 have the 
same SSI D (and WE P key if it's used). 

• All cables are firmly plugged in. 

• A ntennas are oriented correctly. 

• All client computers are turned on. 

• E ach computer has file and printer sharing enabled, as 
appropriate, and there is at least one folder set up for sharing. 

• E ach client has a unique I P address. 



2 Connecting an All-Wireless Network and a Wired Network 



39 



• N etwork N eighborhood has been given enough time to 
recognize all the clients on the network (this can take several 
minutes). 

• The clients are not too far from theZoomAir A P128 unit. 
Although the range in a typical office is 300 feet (about 90 
meters) and 1,000 feet (about 300 meters) in unobstructed line 
of sight, any obstacles may diminish the range. Thick metal 
objects, for example, may totally block the signal. 

• The ZoomAir A P128 unit and the hub are receiving power. 

• The correct printer driver is installed on the computers from 
which you are sending print jobs to a remote printer. 
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Ensuring Wireless Security 

Wireless LANs that conform to the 802.11-DSSS standard 
provide three security measures: a unique network name called 
the Service Set Identifier (SSID); a channel number, which is 
similar in concept to the channels used in wireless telephones; 
and Wired Equivalent Privacy (WEP), which provides a way of 
creating an electronic "key" and locking out anyone who does 
not have the key. In Chapter 3, we'll tell you how to add 
security features to your wireless network. 
This chapter covers the following topics: 

• SSID and channel settings. 

• WEP. 

• Advanced security settings. 

SSID and Channel Settings 

The easiest way to increase the security of the wireless portion of 
your LA N is to give it a name other than the default. T his Service 
Set I dentifier, or SSI D , acts like a password; a casual snooper 
cannot link to your wireless LA N without knowing the SSI D . Y ou 
probably won't need to change the channel setting unless there is a 
neighboring wireless LAN operating on the same or an adjacent 
channel. 

Follow these steps: 

From the Configuration screen of WebM anage, click on the 
Wireless AP button on the left of the screen. The Wireless 
Access Point Basic Settings screen will appear. See the 
following illustration: 
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ZoomAir API 28 - Wireless Access Point Basic Setti. 



File Edit View Go Window Help 
\>- A / 



asic Settings 




Details for Filling In this Page 



Note: BesuretheZoomAir Wireless LAN PC Card is 
inserted firmly in the PCMCIA slot of ZoomAir 
AP128. 

I f you are establishing a wireless LA N for the first 
time, we recommend that you set up the access point 
first, before you install the ZoomAir Wireless LAN 
Cards on client machines. 

If you are replacing a software-based ZoomAir Access 
Point with the A P 128 hardware access point, you will 
probably have to change some settings on the client 
machines. Before you begin this phase, record the 
following data about your current access point: 

SSID: 

Channel: 

WE P Passphrase: 
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SSI D — T he Service Set I dentif ier, or SSI D , is the name of 
the wireless portion of your LAN. It is a unique string 
of characters that identifies the wireless Service Set of 
your LAN . For SSI D, enter a group name that will be 
shared by every member of your wireless network. (If 
you are replacing an existing software access point, 
enter its SSI D ). This identifier must be the same for 
all computers that are to be in the same wireless 
network. The identifier will also prevent outsiders 
from access to your network if they don't know your 
SSI D . Members of your network should regard the 
SSID as a password and keep it secret. 

When you set up the client stations on the wireless 
portion of the network, you must use this SSI D for 
each client station. 

Channel — In N orth America, 11 channels are available for 
wireless LAN communications. These channels are 
much like the channels available to cell phone 
communications. I f your LA N is not located near any 
other wireless LA N , or if you do not plan to have 
independent segments of your wireless LA N 
dedicated to different company functions, you can 
choose any number. I f you are installing more than 
oneZoomAir AP128 access point, you can have up to 
three adjacent channels if they are at least 5 channels 
apart (e.g., 1, 6, 11). Your access point will signal the 
wireless client computers in its range and set their 
channels automatically. 

Sending Changes to ZoomAir AP128 

Review the page when you have entered all the information. 
You can click on Cancel if you want to reset the form and 
start over. When you are satisfied with the information on this 
page, click on Save. WebM anage will send the information to 
theon-board memory in ZoomAir A P 128, and you will see a 
confirming screen. N ote: You must then restart the computer 
for your changes to take effect. 
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Wired Equivalent Privacy 



As long as the SSI D is kept secret, and if no other wireless LANs 
are within 300 feet (90 meters) of your LA N , you probably do not 
need any further security measures. ZoomAir AP128 does provide, 
however, for additional security in the form of W ired E quivalent 
Privacy (WEP). WEP addresses two concerns: 

• Access to your network by intruders using similar wireless 
LAN equipment to become unauthorized members of the 
network. 

• E avesdropping on your wireless LA N traffic by capturing its 
radio signal. 

Access Control 

WEP allows you to provide an electronic "key" to your network. It 
denies access to your network by anyone who does not have the 
key— much in the same way that outsiders are denied access to a 
locked building unless they have a key. Users of your network must 
exchange information about their current key before their 
computers are given access to the network. 

Eavesdropping Prevention 

The WE P program generates a pseudo-random number for each 
packet of information it sends. The packet contents cannot be 
decoded without knowledge of a shared secret key. 

Follow these steps: 

Return to the Wireless Access Point Basic Settings page 
and click on the Security button. See the following illustration. 
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Details for Filling In this Page 
WEP State — Choose one of these options: 

• Disabled — M embers will not have access to 
WE P-enabled members and vice-versa. 

• Mandatory— Members for which WEP is 
enabled will have access only to other members 
with WEP enabled. 

• Dynamic — The access point can communicate 
with either M andatory or D isabled WEP 
members. 

Passphrase —WEP generates its electronic key by 

converting a string you supply— the Passphrase— to a 
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series of hexadecimal numbers. I n the Passphrase 
area, enter a string of letters and numbers. Click on 
the Generate button to generate your WE P key. You 
can further modify the key by entering numbers 
directly into the keys. 



Note: You must use the same WE P key for all ZoomAir 
units in your wireless LAN . Be sure to record your 
Passphrase and any manual modifications to the key 
and keep it in a secure place. 

I n some older ZoomAir installations, the Passphrase 
may be called a Key String. 

Sending Changes to ZoomAir AP128 

Review the page when you have entered all the information. 
You can click on Cancel if you want to reset the form and 
start over. When you are satisfied with the information on this 
page, click on Save. WebM anage will send the information to 
theon-board memory in ZoomAir A P 128, and you will see a 
confirming screen. N ote: You must then reboot the machine 
for your changes to take effect. 

Advanced Settings 

The advanced settings for the wireless access point should not have 
an effect on access or security, and you should not normally need 
to change them. If you want to review them, or if you have a 
reason to change them, follow these steps: 

From the Wireless Access Point Basic Settings page, click 
on the Advanced button. See the following illustration. 
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Details for Filling In this Page 

Beacon Period — This sets the time between beacon 

transmissions of the ZoomAir access point. The range 
is 20 to 32,767 K usees (one K usec=l millisecond, or 
msec). 

DTIM Period — This value indicates the number of beacon 
periods between beacon transmissions that are 
DTI M s. M ake any changes with care; this setting 
interacts with Beacon Period. The default is 2; the 
range is 1 to 254. 

Ethernet Conversion — This item sets the mode used for 
conversion of Ethernet frames received from the D S. 
The default is 802. Ih. The available options are as 
follows: 

• E ncapsulated — The entire E thernet frame 
(including the Ethernet MAC header, but not the 
CRC) is encapsulated into the payload of the 
802.11 frame. 

• RFC1042- The D IX Ethernet frames are 
converted using SNAP header based on 
RFC1042. T his mode will also convert any 
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RFC 1042 header frames to DIX Ethernet frames 
before transmission to the Ethernet interface. 

• 802.1h - T he D I X E thernet frames are tunneled 
using a full selective translation table. This mode 
does not convert RFC1042 SNAP header frames 
to D IX Ethernet before transmission to the 
Ethernet interface. 

Fragmentation Threshold — This parameter sets the point 
at which a long packet will be broken into fragments. 
The purpose of fragmentation is to increase the 
likelihood that long packets will get through to their 
destination when there is high RF interference or 
where the radio unit is operating close to the fringe of 
its range. Fragmentation reduces overall throughput. 
The default value is 2304; the range is from 256 to 
2304. The maximum value implies that fragmentation 
is never used. Set fragmentation below the maximum 
only when you expect that the radio signal will 
sometimes be marginal. 

Sending Changes to ZoomAir AP128 

Review the page when you have entered all the information. 
You can click on Cancel if you want to reset the form and 
start over. When you are satisfied with the information on this 
page, click on Save. WebM anage will send the information to 
theon-board memory in ZoomAir A P 128, and you will see a 
confirming screen. N ote: You must then reboot the machine 
for your changes to take effect. 
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4 

Setting Up ISDN and WAN 

In Chapter 4 you set up the ZoomAir AP128 to connect your 
LAN to the outside world— the Internet or another LAN, or a 
dial-in remote user. The connection is made through an on- 
board ISDN terminal adapter at speeds up to 128 Kbps- more 
than twice the speed of a conventional analog modem. 
Because the ZoomAir AP128 is also a router, it keeps track of 
all the members of your network, both wireless and wired: Data 
travels to and from individual members of your LAN, but to the 
outside world your LAN looks like a single device. 

This chapter covers the following topics: 

• G etting an ISDN line. 

• Connecting the ZoomAirAP128 to your ISDN service. 

• G etting information for WAN accounts— Internet, remote 
LAN, and dial-in. 

• Setting up the Zoom Air AP128 with ISDN and WAN 
accounts. 

• Basic security. 

Before You Start 

From this point onward, installation of the ZoomAir AP128 
becomes more complex. T he Z oomA ir A P 128 is intended for a 
diverse variety of installations. I n many cases, it will be installed by 
a networking expert within your organization or by a consultant or 
technician supplied by your reseller. I f you are inexperienced in 
network installations but generally feel comfortable around 
computers, the procedures explained in this chapter are not too 
difficult to understand. We recommend that you read through this 
chapter and resolve any questions you may have before you start. 
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Getting an ISDN Line 



I f you already have an I SD N line, go to I SD N I nformation for 
Setting Up ZoomAir AP128on page 52. Otherwise continue 
below. 

I SD N (I ntegrated Services D igital N etwork) is a service offered by 
local telephone companies. The service is mostly for rapid data 
connections but may also include voice telephone connections and 
various telecommunications management features. The ZoomAir 
A P128 supports only data services and data transmissions over the 
data and voice channels. 

I SD N service is delivered through standard telephone wires. To 
use I SD N , you must order the service through your local telephone 
company. Y our telephone company will give you the following 
information: 

• Telephone numbers (also referred to as D irectory N umbers, 
or D N s) for use with your I SD N service; these may be new 
numbers or reassignments of your existing numbers. For 
optimum use of the ISDN terminal adapter in ZoomAir 

A P 128, we recommend that you have two telephone numbers 
assigned to your ISDN line. 

Service Profile Identifiers (SPIDs) are typically used in North 
America to associate a D N with a type of service, for 
example, voice and/ or data. 

SubA ddresses are typically used outside N orth America to create 
"extensions" of the D N ; SubAddresses are usually selected 
by the customer. 

• Switch type— the kind of equipment the telephone company 
uses to provide I SD N service. 

T hese items are explained in the following sections. 
Telephone Numbers 

Your ISDN terminal adapter must beset up with two ISDN 
telephone numbers to make use of both channels. E ach telephone 
company does this differently. 

Multiple Subscriber Numbers (Outside North America): If the 

M ultiple Subscriber N umber (M SN ) option is available in your 
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location, we recommend that you choose it. This means that you 
will have a separate directory number (D N ) for each channel of 
your I SD N service. If M SN is not available in your location, you 
can use a single telephone number and SubAddresses. 

The following table shows the kind of information you will need to 
order telephone numbers for your I SD N service. 

In this table the information given for D N s applies equally to SubA ddresses. 



Ordering Telephone Numbers for ISDN Service 



In N orth A merica: Choose an 
account with two D N s. The 
telephone company may also 
assign one or two SPIDs 
(Service Profile Identifier 
numbers). 



Outside N orth A merica: If 
available, choose an account 
with MSN , if available. 
Otherwise obtain a single D N 
with SubAddresses. You will 
not have SPIDs. 



To take full advantage of terminal adapter features, 




Two telephone numbers (D N s). 

E nabled for both data and voice calls. (0 ne term the 
telephone company may use for multiple D N s enabled for 
voice and data is "alternate switched voice/ data.") 



Special Ordering Options in North America: Your telephone 
company may have special packages that make ordering an I SD N 
line easy. Two of them are NIUF, Capability S; and EZ-ISDN 1 

(NIUF stands for N orth American ISDN Users Forum.) EZ- 
ISDN 1 has some voice calling options that you do not need, such 
as call forwarding, but the package price may be attractive even if 
you do not use all the features. ZoomAir AP128 is compatible with 
both packages. 

Another option is ISD N Centrex service, usually offered in 
conjunction with an ISP. With Centrex, your ISDN is on a 
dedicated line that is always "on." Usage is charged at a flat rate, 
and there are no per-minute charges from the phone company. 
Consult your I SP regarding this option. 

Switch Type 

Y our telephone company will also tell you what kind of equipment 
(switch) it uses to provide your I SD N service. Y ou will need this 
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information in setting up the terminal adapter. The possibilities are 
as follows: 

National ISDN lor 2 
Northern Telecom D MS 100 
AT&T Custom 5ESS 
EurolSDN (E urope) 
IN S-64 (Japan) 

The model of theZoomAir A P 128 you purchased may already be 
configured for your national ISDN protocol. Also, the WebManage 
utility may show only the options available in your country. 

Connection Interface 

Z oomA ir A P128 models sold in N orth A merica connect directly to 
a 2-wire I SD N U interface and have a built-in N T 1 (N etwork 
Termination 1) device. You will not need an NT1 interface from 
the telephone company. 

M ost Z oomA ir A P 128 units sold outside N orth A merica have an 
SI T interface that connects to an I SD N N T 1 device provided by 
the telephone company. 

The ISD N cable shipped with ZoomAir AP128 has an RJ-45 plug 
at one end for connection to ZoomAir A P128 and an RJ -11 plug at 
the other end for connection to the I SD N wall jack. I f the 
telephone company can give you an RJ -11 wall jack, request it. The 
cable will operate with an RJ -45 jack; however, it will fit more 
securely in an RJ -11 jack. 

Bandwidth 

N ormally, the bandwidth (data transmission speed) for I SD N is 64 
K bps per channel. I n some parts of the U nited States, however, the 
maximum bandwidth is 56 K bps. You need to find out if your 
I SD N service, or the I SD N service into which you will be dialing, 
has this limitation, and set the bandwidth appropriately. 

ISDN Information for Setting Up ZoomAir AP128 

Y ou can fill in the following table with the information you will 
need when you set up ISDN on your ZoomAir A P128. 
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uirecrory NUmDers (uimsj 
assigned to your ISDN 
account 




Service Profile Identifiers 
(SPIDs) (North America) 




SubAddresses (outside 
North America) 




Switch type 




Bandwidth: 56K vs. 64K 
per channel 





Connecting the Zoom Air AP128 to Your 
ISDN Service 

0 nee you have established your I SD N service, you can connect the 
ZoomAir AP128. Use the black RJ-45 to RJ -11 cable provided with 
your unit. Plug the larger end into the WAN jack on the back of 
the Z oomA ir A P 128. (T his is the jack closest to the Z oomA ir 
Card.) Plug the other end into the I SDN wall jack. If the wall jack 
is an RJ -45, the RJ -11 connector will still work. 

Getting Information for WAN Accounts- 
Internet, Remote LAN, Dial- In 

Before you set up your WAN accounts in the ZoomAir A P128 
unit, it is a good idea to gather some basic information about each 
kind of WA N access you want for your LA N . T he following 
sections outline some of the information you should get in 
advance. 

Internet Account 

1 f you want to use the Z oomA ir A P 128 for shared I nternet access 
on your LA N , you will need the following: 
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• An account with an ISP that supports M L-PPP (Multi-Link 
Point-to-Point Protocol) service. This allows you to use both 
I SD N channels for I nternet access. 

• One or more phone numbers for access to the ISP. 

• Log-in name 

• A static I P address, if your I SP provides one. 
Remote LAN 

If you want to usetheZoomAir AP128 to connect to another 
LA N in your organization (a branch office or a department across 
the campus), you will need to decide which router will dial out and 
which router will accept the call. TheZoomAir AP128 can beset 
up either way. You will need the following information: 

• Login name (yours for dial-out; the remote router's for dial-in). 

• Phone numbers. 

• Caller I D information (if implemented). 

• T he I P address and netmask of the remote LAN. 

• Password and authentication methods (PAP or CHAP). 

Dial- In (Remote Access Service) 

TheZoomAir A P 128, with only one WAN port, is not ideal for 
multiple remote access (for instance, as a file or FTP server for 
public access). It can be very useful, however, for office colleagues 
who are telecommuting or calling in from the field to upload or 
download files, access the I nternet, etc. 

For each remote user, you will need the following information: 

• Login name. 

• Password. 

• I P address. 

• Callback number (if this feature is used). 

• Caller ID number (if this feature is used). 
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Setting Up the ZoomAir AP128 with ISDN 

When you have gathered the information about the I SD N services 
you want for your LAN , you can use WebM anage to send the 
information to the ZoomAir AP128. 

Follow these steps: 

From one of your wireless client computers, click on the 
WebM anage icon. D oublecheck that you're using the correct 
IP address for your ZoomAir AP128. (If not, enter the correct 
address in your browser's address space.) 

I f there is no icon, start your browser. I n the address space, 
type 192 . 168 . o . 240 (or the address you have assigned to 
Z oomA ir A P 128) and press E nter. E nter the name and 
password. 

The initial WebM anage screen will display. Click on the 
Configuration button at the top of the screen and then the 
ISDN button on the left side of the screen. The following 
page will display: 



ZoomAir API 28 - ISDN Configuration -192.168.0.8 - Netscape 



File Edit View Go Window Help 

if- -A--.-; 



ISDN Configuration 



Switch Type: National I 



Data Over Voice: P 

Directory Numbers 



Channel Data Rate:| 64K 
SPIDs 
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Details for Filling In this Page 

Switch Type — This should be filled in already. If it is not, or 
if it does not match the Switch Type of your 
telephone company, change it using the pull-down 
menu. 

Data Over Voice— You will see this item if you are using 
one of the N orth American Switch types. You may 
want to check Data Over Voice if your phone 
company charges a higher rate for data calls than it 
does for voice calls. W ith D ata 0 ver V oice, your data 
travels over the I SD N voice channel at a maximum 
rate of 56 K bps (112 K bps for bonded channels under 
ML-PPP). 

Channel Data Rate — The default setting for the Channel 
D ata Rate is 64 K bps. I n some areas of N orth 
America, your telephone company may indicate that 
you need to connect at 56 K bps. You also have to use 
the 56 K bps setting if you are connecting with an area 
that requires this speed. If either situation is true, 
select 56K from the drop-down menu. 

Directory Numbers 

DN 1 — Type in the first D irectory N umber (D N ) for your 
ISDN service. 

DN2— Type in the second D irectory N umber (D N ) for your 
ISDN service. 

Depending on your Switch Type, you may need to fill in the 
SPIDs. 

SPIDs 

SPID 1— Type in theSPID corresponding to DN 1. 
SPID 2— Type in the SPID corresponding to DN2. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 
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Setting Up the ZoomAir AP128 for WAN 
Accounts 

If you will be using theZoomAir AP128 asadial-in device for a 
remote LA N or for individual dial-in clients, you must set up some 
WAN defaults. If you intend to use ZoomAir AP128 only for 
connecting to the I nternet or for dialing out to a remote LA N , skip 
this section and go on to Setting Up Accounts— Main Screen on 
page 59. 

WAN Defaults for Dial- In 

Follow these steps: 

From the main Configuration screen in WebManage, click on 
the WAN button. The following page will display: 



ZoomAir AP128 - WAN Basic Settings -192 168 0 8 - Netsc HQ E 



File Edit View Go Window Help 



Dial In Authentication Method: 




WAN Basic Settings 



WAN Enable: W 



Dial In Defaults 



CHAP or PAP J 



Dial In Link Protocol: 



MLP J 



Channel l Dial In IP Address: 


o.o. □.□ 


Channel 2 Dial In IP Address: 


o.o. □.□ 



Manual Connections 



Cancel 



Save 




IDocurnent: Done 



Details for Filling In this Page 

WAN E nable — Leave this box checked unless you don't 
intend to use the A P 128 as a router (i.e., you will be 
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using it only as an access point for a wireless LA N ). 



Dial In Defaults 

Dial I n Authentication Method — Choose a default 

authentication method that theZoomAir AP128 will 
use for checking passwords. CHAP (Challenge 
Handshake Authentication Protocol) and PAP 
(Password Authentication Protocol) handle security 
and authentication. Your WebM anage choices are 
CH AP only or CH AP or PAP (the default). CHAP 
implements encrypted passwords; PAP implements 
passwords and usernames in clear text— thus not 
providing as much security as CHAP. 

CH AP only — User password is sent in encrypted 
form and is secure from line snoopers. 

C H AP or PAP - U ses C H A P or PA P depending on 
the settings or capabilities of the dial-in client. 



Tip: It is always wise to choose the most secure method 
supported by your network. 



D ial I n L ink Protocol — The choices are PPP and M L P 

(the default) as follows: 

PPP— Point-to-Point Protocol, a single-channel 
connection to your I SP or a remote router over your 
I SD N line. M aximum speed is 64 K bps. 

MLP— M ulti-L ink PPP, in which two channels are 
"bonded" for a total throughput of 128 K bps. 

Channel ID ial In IP Address — E nter the address to which 
the first dial-in client will be directed if the client has 
not been given an address in the Accounts section of 
WebM anage. 

Channel 2 Dial In IP Address — E nter the address to which 
a second dial-in client will be directed if Channel 1 is 
in use and the client has not been given an address in 
the Accounts section of WebM anage. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
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on Cancel if you would like to start over or edit your changes. 



Setting Up Accounts— Main Screen 

Each kind of connection between your LAN and the outside world 
involves an account. An account is a collection of data the 
ZoomAir AP128 uses to keep track of the external access settings. 

Follow these steps: 

From the main Configuration screen in WebManage, click on 
the Accounts button. The following page will display: 



ZoomAii API 28 Accounts 192.168.0.8 - Netscape 



File Edit View Go Window Help 



n 



Accounts 



Edit Accounts List (current number of users is 0) 

Edit 



Copy 



Delete 



Accounts List is Empty! H 



Cummulative PPP Usage 

Run report for | all users 



Add New Account: | ISP 



Hi and I - force clear 



pocument: Done 

Details for Filling In this Page 

The Accounts List is a drop-down box on the right. It will be 
empty at first; as you set up accounts, they will be listed in the 
box so that they can be edited, copied, or deleted. 

Add N ew Account 

The Add New Account button is next to a pull-down menu 
with the following choices: 

ISP — for setting up a new I nternet Service Provider account. 
0 nly one I SP is allowed. (See page 60.) 

Remote LAN — for setting up an account for a remote LAN . 
(Seepage 65.) 

Dial In User — for setting up accounts for your dial-in users 
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or telecommuters. (See page 72.) 

Other Buttons on this Page 

T he other buttons on this page allow you to manage your 
accounts once you have set them up. 

Edit— After account information has been entered, you can 
change it by selecting the account from the list on the 
main Accounts screen and clicking on Edit. 

Copy — The Copy button is useful for setting up multiple 
accounts without tedious re-entering of repeated 
information. If you want to create a new account 
based on an existing account, select the existing 
account from the list and click on the Copy button. 
This will display the existing account. Change the 
information as needed to create a new account. 

Delete — You can delete an account by clicking on an 
existing account and then on the Delete button. 

Run report for — Clicking on the Run report for button will 
generate a report of all activity for the accounts. You 
can select all or specific accounts. You also have the 
option of forcing a clearing of the usage information 
on all or selected accounts. 

Setting Up an ISP Account 

TheZoomAir AP128 can be configured for one ISP account. 
Follow these steps to set up an account with your ISP: 

To set up your I nternet Service Provider account, choose ISP 
and click on Add N ew Account. See the following 
illustration. This illustration shows part of the page. 
Depending on your browser setup and your computer's screen 
size and resolution, you may see more or less of this page. As 
you work your way down the page, use the scroll bar to the 
right of the page to show more of it. The instructions for the 
remainder of the page follow the instructions for the part that 
is visible in the following illustration. 
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Dial Out Method: 

N 0 Automatic D ial-0 ut M ethod — Select this option if you 
want users to manually dial out when they need to 
connect. 

Dial-on-Demand — Select this option if you want network 
users to be able to connect to the remote LAN 
whenever they request a connection. 

Persistent Connection — Select this option if you want a 
full-time "always on" connection to your I SP through 
your ISDN line. 

Note: When you enable Dial-on-Demand, you should also 
check the I die Timeout checkbox under Connection 
Limits and re-set the timeout value; otherwise, it will 
revert to the default timeout value of three minutes. 
The maximum timeout value is 999 minutes. 

Login Name — Type in the name by which your LAN will 
be recognized by the remote LAN . 

Password — Type in a password for connecting to the 
remote LAN . 

Confirm Password — Type the password a second time to 
confirm it. 
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1st Phone # — Type in the phone number to access the 
remote LAN . 



2nd Phone #— If the remote LAN allows for more than one 
access number, type in the second one. 

3rd Phone #— If the remote LAN allows for more than two 
access numbers, type in the third one. 

Authentication M ethod 

Choose an authentication method that ZoomAir AP128 will 
use for sending passwords. Your choices are CHAP only or 
CHAP or PAP as follows: 

CH AP only — U ser password is sent in encrypted form and 
is secure from line snoopers. 

CHAP orPAP - UsesCHAP or PAP depending on the 

settings or capabilities of the ISP. (PAP is a less secure 
method in which the password is sent as clear text and 
not encrypted.) 



Tip: 1 1 is always wise to choose the most secure method 
supported by your network and ISP. 



Filter Profile — If you are using filtering, select a profile from 
among the profiles you have established. You can 
leave this set at Profile 0 for now, until you decide on 
filtering. 

N ow continue with the rest of the page; you may have to scroll 
down to see the remaining items. See the following illustration. 
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IP Addressing Mode 

If your ISP provides an IP address each time you connect, 
leave Dynamic Assignment enabled. If you have purchased 
an I P address from your I SP, click on Static Assignment and 

then type in the address your I SP has assigned to you. 
Remember that Network Address Translation (NAT) is 
enabled automatically for ISP accounts. NAT simplifies and 
conserves I P addresses. It publicizes only one I P address to 
the outside world, keeping the multiple individual I P addresses 
of the LAN hidden behind the firewall. 

Protocol Permissions 

LZS Compression — Check this box to enable LZS 
compression to improve throughput. 

Connection Limits 

L imit session — A ctivate this setting by clicking on the 

checkbox if you want to limit the time your LA N can 
be connected to your I SP without having to dial out 
again. When the time limit is reached, the ISP will be 
logged off without warning. 

I die T imeout — A ctivate this setting by clicking on the 

checkbox. ZoomAir AP128 will log off your ISP if no 
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activity is detected for the time you specify. This can 
save on per-minute charges from your I SP and 
telephone company. 

Max Bandwidth - Choose 56K/ 64K for PPP connections 
or 112K/ 128K for M L-PPP connections using 
channel bonding. When 112K / 128K is chosen, the 
ZoomAir AP128 will connect the second channel 
according to the Bandwidth-on-Demand settings, 
below. Also, using the higher bandwidth does not 
preclude a separate connection (for example, by a dial- 
in user). If both channels are in use for an I nternet 
connection when a call comes in, one channel is 
dropped to take the call. When the dial-in user hangs 
up, the second channel is reconnected if the demand 
matches or exceeds the Bandwidth-on-Demand 
settings. 

Bandwidth-on-Demand 

Percentage — Set the percentage by which demand exceeds 
current bandwidth before the second channel is 
added. The default is 50%. 

Time— This is the time in seconds during which demand 
must exceed current bandwidth before the second 
channel is added. This time is set to prevent your 
I SD N line from adding a channel for momentary 
increases in demand. The default value is 3 seconds. 

Drop time — This value is the time in seconds that the higher 
bandwidth will be in effect after demand falls below 
the percentage that you have set. This time is set to 
prevent your I SD N line from dropping the second 
channel prematurely. 

Cumulative PPP Usage 

Although these settings are available, they are generally not 
useful for I SP connections. I f you do activate this feature by 
clicking on the checkbox, you can limit the amount of time a 
PPP connection can accumulate during the time specified in 
Clear usage (daily, weekly, monthly). 0 nee the PPP 
connection exceeds the cumulative time, the connection 
cannot be re-established until usage is cleared. If Manually is 
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chosen, the usage must be cleared in the Run Report section 
on the previous screen (click on the Back button to go there). 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

Setting Up a LAN Account 

Follow these steps to set up a LAN account for either a dial-out or 
a dial-in remote LAN . 

Click on Accounts in the left-hand column to return to the 
main Accounts page. Select Remote LAN from the Add 
N ew Account drop-down menu, then click on Add N ew 
Account. See the following illustration. This illustration shows 
part of the page. D epending on your browser setup and your 
computer's screen size and resolution, you may see more or 
less of this page. As you work your way down the page, use the 
scroll bar to the right of the page to show more of it. 




Enable— Remote LAN connections are enabled by default. 
U ncheck the box if ZoomAir AP128 will not be used to 
connect to a remote LAN . 

Remote I P Address — Type in the I P address of the remote 
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LAN 



Remote N etmask — Type in the netmask of the remote 
LAN. 

Dial Out Configuration: 

E nable D ial 0 ut — M ake sure the checkbox is checked if 
ZoomAir AP128 will be dialing out to a remote LAN . 

Dial Out Method: 

N o Automatic D ial-0 ut M ethod — Select this option if you 
want users to manually dial out when they need to 
connect. 

Dial-on-Demand — Select this option if you want network 
users to be able to connect to the remote LAN 
whenever they request a connection. 

Persistent Connection — Select this option if you want a 
full-time "always on" connection to your ISP through 
your ISDN line. 



Note: When you enable Dial-on-Demand, you should also 
check the I die Timeout checkbox under Connection 
Limits and re-set the timeout value; otherwise, it will 
revert to the default timeout value of three minutes. 
The maximum timeout value is 999 minutes. 

Login N ame — Type in the name by which your LA N will 
be recognized by the remote LAN . 

Password — Type in a password for connecting to the 
remote LAN . 

Confirm Password — Type the password a second time to 
confirm it. 

1st Phone # — Type in the phone number to access the 
remote LAN . 

2nd Phone #— If the remote LAN allows for more than one 
access number, type in the second one. 

3rd Phone # — I f the remote LA N allows for more than two 
access numbers, type in the third one. 

N ow continue with the next part of the page; you may have to 
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scroll down to see the remaining items. 

Peer Router Dial In Configuration 

E nable D ial I n — M ake sure the checkbox is checked if you 
want ZoomAir AP128 to accept calls from a remote 
LAN. 

Login N ame — Type in the name of the remote LA N . 

Password — Type in the password the remote LAN will use 
for connecting to your LAN . 

Confirm Password — Type the password a second time to 
confirm it. 

Caller ID — The three settings for this are as follows: 

None — Caller ID is not used. 

Preferred — Caller I D is turned on for logging 
purposes, but the number does not need to match - 
the Caller ID # (see below). 

Required - Caller I D must match the Caller I D #. 

Caller ID #— Type in the number that Caller ID must 
match in order to establish a connection. 

Authentication M ethod 

Choose an authentication method that ZoomAir A P128 will 
use for checking passwords. Your choices are CH AP only and 
CH AP or PAP, as follows: 

CH AP only — U ser password is sent in encrypted form and 
is secure from line snoopers. 

CHAP or PAP - Uses CHAP or PAP depending on the 
settings or capabilities of the dial-in client. (PA P is a 
less secure method in which the password is sent as 
clear text and not encrypted.) 

Tip: 1 1 is always wise to choose the most secure method 
supported by your network. 

Filter Profile — If you are using I P filtering, select a profile 
from among the profiles you have established. You 
can leave this set at Profile 0 for now, until you decide 
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on filtering. 
Protocol Permissions 

IP Routing — This is checked by default. The user must have 
an I P address at the remote location to use the I P 
services of your LAN . 

Bridge N on-Routed Protocols — Check this box if your 
LAN supports non-1 P protocols such as I PX or 
NetBEUI. 

LZS Compression — Check this box to enable LZS 
compression to improve throughput. 

RIP Direction — The Routing Information Protocol (RIP) is 
widely used to route traffic using one routing metric 
(hop count) to measure the distance between the 
source and the destination network. N ormally you 
should leave the RIP Direction setting at its default, 
Both. You may want to disable RIP by selecting 
N one from the drop-down list if you need the 
additional security provided by static routing and are 
willing to maintain a Static Routing table (See 
I mplementing Additional N etwork Features, page .) 

Both — TheZoomAir AP128 broadcasts its routing 
table to the LAN and incorporates into its routing 
table routing information broadcast by other routers 
on the LAN . 

Accept — T he Z oomA ir A P 128 accepts routing table 
information broadcast by other routers on the LAN 
but does not broadcast its own routing table. 

Send — ZoomAir AP128 broadcasts routing 
information to the remote LA N but does not accept 
broadcasts from other routers on the LA N . 

N one —No routing information is exchanged. 
I nformation about routing is maintained in the Static 
Routing table. 

Rl P Version — The latest version of Rl P supported by 

ZoomAir AP128, RIP v2B, is the default. You do not 
normally need to change this setting. 
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2B - T he Z oomA ir A P 128 accepts R IP-land RIP-2 
messages, either broadcast or multicast. 1 1 sends Rl P-2 
messages in broadcast format. 

2M - T he Z oomA ir A P 128 accepts R IP-land Rl P-2 
messages, either broadcast or multicast. 1 1 sends Rl P-2 
messages in multicast format. 

1— TheZoomAir AP128 sends and receives only 
RIP-1 messages. This previous version of RIP does 
not work with discontinuous subnets because it does 
not send information about subnet masks. Use it only 
if you are connecting to another LA N that does not 
support version 2. 

N ow continue with the next part of the page; you may have to 
scroll down to see the remaining items. See the following 
illustration. 
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BjfZoomAii API 28 New Remote LAN Account -192.168.0.8 Netsc... HIslES 



File Edit View Go Window Help 



IP Addressing Mode 

r Use a Shared IP Address 

f* DYiiamic Assignment 
f~ Static Assignment: 



o.o.o.o 



r Use Multiple Mapped Addresses 
Connection Limits Bandwidth- on- Demand 



V Limit session to: 



l~~ Idle timeout at: 



10 



minutes Percentage: 
minutes Time: 



seconds 



Max Bandwidth: 56K^4K 



Drop Time: ibo seconds 



Cumulative PPP Usage 

r Limit usage to 
Current usage: 



60 



minutes 
minutes 



Clear usage: manually 



Last cleared: never 



Back 



Cancel Save 




IDocument: Done 



IP Addressing Mode 

T he I P A ddressing M ode allows you to enable N etwork 
Address Translation, or NAT, for remote LAN accounts. 

Use a Shared I P Address — Put a mark in the check box to 
enable NAT using a shared I P address provided by 
the remote LAN . 

Dynamic Assignment — Click on this if the remote 
LA N provides a new I P address each time it connects. 

Static Assignment — Click on this if the remote 
LA N permanently assigns an I P address (it must 
provide you with this information). 
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U se M ultiple M apped Addresses — E nable this check box 
if you want to use the explicitly mapped address as set 
up in the NAT section of WebManage. 

Connection Limits 

Limit session — Activate this setting by clicking on the 

checkbox if you want to limit the time your LA N can 
be connected to the remote LAN without having to 
dial out again. When the time limit is reached, the 
remote LA N will be logged off without warning. 

I die T imeout — A ctivate this setting by clicking on the 
checkbox. ZoomAir A P128 will log off the remote 
LA N if no activity is detected for the time you specify. 
This can save per-minute charges on your ISDN line. 

Max Bandwidth - Choose 56K/64K for PPP connections 
or 112K/ 128K for M L-PPP connections using 
channel bonding. When 112K / 128K is chosen, the 
ZoomAir A P128 will connect the second channel 
according to the Bandwidth-on-Demand settings, 
below. Also, using the higher bandwidth does not 
preclude a separate connection (for example, by a dial- 
in user). I f both channels are in use for a remote LA N 
connection when a call comes in, one channel is 
dropped to take the call. When the dial-in user hangs 
up, the second channel is reconnected if the demand 
matches or exceeds the Bandwidth-on-D emand 
settings. 

Bandwidth-on-Demand 

Percentage — Set the percentage by which demand exceeds 
current bandwidth before the second channel is 
added. The default is 50%. 

Time— This is the time in seconds during which demand 
must exceed current bandwidth before the second 
channel is added. This time is set to prevent your 
I SD N line from adding a channel for momentary 
increases in demand. The default value is 3 seconds. 

Drop Time — This value is the time in seconds that the 
higher bandwidth will be in effect after demand falls 
below the percentage that you have set. This time is 
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set to prevent your I SD N line from dropping the 
second channel prematurely. 

Cumulative PPP Usage 

I f you activate this feature by clicking on the checkbox, you 
can limit the amount of time a PPP connection can accumulate 
during the time specified in C lear U sage (daily, weekly, 
monthly). Once the PPP connection exceeds the cumulative 
time, the connection cannot be re-established until usage is 
cleared. If Manually is chosen, the usage must be cleared in 
the Run Report section on the previous screen (click on the 
Back button to go there). 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

Setting Up a Dial-In User Account 

Follow these steps to set up a LAN account for a dial-in user (a 
telecommuter or another person in your organization who needs to 
dial in to your LAN ). 

Click on Accounts in the left-hand column to return to the 
main Accounts page. Select Dial In User from the drop- 
down menu, then click on Add N ew Account. See the 
following illustration. This illustration shows part of the page. 
Depending on your browser setup and your computer's screen 
size and resolution, you may see more or less of this page. As 
you work your way down the page, use the scroll bar to the 
right of the page to show more of it. The instructions for the 
remainder of the page follow the instructions for the part that 
is visible in the following illustration. 
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WZoomAir AP128 - New Dial In Usei Account -192.168.0.8 - Netsc... HBB 



File Edit View Go Window Help 



lew Dial In User Account 



Enable: W 



Dial In Configuration 



Login Marne 
Password: 



(required) 
(required) 
(required) 




AuthenticatiDn Method 



Filter Profile 



CHAP only U 



0 J 



|Document Done 



E nable — This box is checked by default; uncheck it if you 
do not intend to allow a remote user to dial in to your 
LAN. 

Dial In Configuration 

Login N ame — Type in the name of the user. 

Password — Type in the password the user will use for 
connecting to your LAN . 

Confirm Password — Type the password a second time to 
confirm it. 

I P Address — I f you have assigned the user an I P address at 
his or her remote location, type it in. 

Callback — E nable this feature if you want the added security 
of having ZoomAirAP128 dial out to auserwho has 
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dialed in. This ensures that your LAN can connect 
only to known numbers. 

Callback # — Type in the number that ZoomAir A P128 will 
dial to establish a connection with the remote user. 

Caller ID — The three settings for this are as follows: 

None — Caller ID is not used. 

Preferred — Caller I D takes precedence over the 
Callback N umber. 

Required — Caller ID must be used. 

Caller ID #— Type in the number that Caller ID must 
match in order to establish a connection. 

Authentication M ethod 

Choose an authentication method that ZoomAir A P128 will 
use for checking passwords. Your choices are CH AP only and 
CH AP or PAP, as follows: 

CH AP only — U ser password is sent in encrypted form and 
is secure from line snoopers. 

CHAP or PAP - Uses CHAP or PAP depending on the 
settings or capabilities of the dial-in client. (PA P is a 
less secure method in which the password is sent as 
clear text and not encrypted.) 



Hp: 1 1 is always wise to choose the most secure method 
supported by your network. 

Filter Profile — I f you are using I P filtering, select a profile 
from among the profiles you have established. You 
can leave this set at Profile 0 for now, until you decide 
on filtering. 

N ow continue with the rest of the page; you may have to scroll 
down to see the remaining items. See the following illustration. 



74 



Installation G uide: ZoomAir AP128 



BfZoomAir API 28 - New Dial In Usei Account 192.168.0.8 Netsc... HBE 



File Edit View Go Window Help 
I- ~ 



Protocol Permissions 

Enable IP Routing: 17 
Bridge Non-Routed Protocols: l~~ 




Connection Limits 



Bandwidth- on- D emand 



I - Limit session to: 



so 
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timeout at: 
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CumulatiYe PPP Usage 

l~ Limit usage to: | 6Q | minute 
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minutes 



Clear usage: | manually 



Last cleared: never 



Back 



Cancel Save 




Protocol Permissions 

E nable I P Routing — T his is checked by default. The user 
must have an I P address at the remote location to use 
the I P services of your LA N . 

Bridge N on-Routed Protocols — Check this box if your 
LA N supports non-1 P protocols such as I PX or 
NetBEUI. 

Connection Limits 

Limit session — Click this checkbox if you want to limit the 
time your LA N can be connected to a remote client. 
When that time limit is reached, the dial-in client will 
be logged off without warning. 
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I die T imeout — A ctivate this setting by clicking the 

checkbox. ZoomAir A P128 will log off its connection 
if no activity is detected for the time you specify. 

Max Bandwidth - Choose 56K/ 64K for PPP connections 
or 112K/ 128K for M L-PPP connections using 
channel bonding. When 112K / 128K is chosen, the 
ZoomAir A P128 will connect the second channel 
according to the Bandwidth-on-Demand settings, 
below. Also, using the higher bandwidth does not 
preclude a separate connection. If both channels are in 
use for a dial-in connection, the ZoomAir A P128 still 
can dial out to the I SP . 0 ne channel is dropped to 
take the call. 

Bandwidth-on-Demand 

Percentage — Set the percentage by which demand exceeds 
current bandwidth before the second channel is 
added. The default is 50%. 

Time— This is the time in seconds during which demand 
must exceed current bandwidth before the second 
channel is added. This time is set to prevent your 
I SD N line from adding a channel for momentary 
increases in demand. The default value is 3 seconds. 

Drop time — This value is the time in seconds that the higher 
bandwidth will be in effect after demand falls below 
the percentage that you have set. This time is set to 
prevent your I SD N line from dropping the second 
channel prematurely. 

Cumulative PPP Usage 

If you activate this feature by clicking on the checkbox, you 
can limit the amount of time a PPP connection can accumulate 
during the time specified in Clear usage (daily, weekly, 
monthly). Once the PPP connection exceeds the cumulative 
time, the connection cannot be re-established until usage is 
cleared. If Manually is chosen, the usage must be cleared in 
the Run Report section on the previous screen (click on the 
Back button to go there). 

Sending Changes to ZoomAir AP128 
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Click on Save to send the changes to ZoomAir AP128 or click 
on Cancel if you would like to start over or edit your changes. 

Remote Authentication Dial-In User 
Service (RADIUS) 

RAD IUS provides greater security than password protection for 
individual clients dialing in to your LAN . 

1 1 involves installing RA D I U S software on a separate server, thus 
offloading security and accounting functions to a central. The 
RA D I U S server allows you to set up a single database of 
usernames, passwords, permissions, and settings. You may want to 
use RA D I U S if you have a large number of users or multiple 
remote access servers that you want to administer centrally. 
RA D I U S is more reliable than maintaining accounts locally because 
its database can be saved, backed up, or printed. You can 
implement various security and accounting policies and create 
complex settings and permissions for different users. 

M any free and commercial packages for RA D I U S server software 
are available. 0 ne good commercial package is available from Funk 
Software (www.funk.com). Follow the installation and user 
instructions for whatever package you have decided to use. 

When you use RA D I U S, dial-in users are first checked against the 
user database in the ZoomAir A P128 accounts and then, if they are 
not found, against the RA D I U S server database. RA D I U S 
authentication cannot control whether the remote client uses PAP 
or C H A P, although the RA D I U S server requires that the Z oomA ir 
A P128 unit itself authenticate itself with a password ("shared 
secret"; see below) over CHAP. 

RA D I U S may limit the time of a particular session, but it cannot 
limit connection time on a daily, weekly, or monthly basis. 
Accounting information is kept in various formats, depending on 
the RA D I U S software you use. 0 ne common way is as a comma- 
delimited file that may be used in a spreadsheet program. 

A uthentication and accounting functions of RA D I U S may be 
enabled independently. 

To set up the ZoomAir A P128 as a RADIUS client, follow these 
steps: 
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M ake sure the Configuration button at the top is still 
highlighted. Click on the RADIU S button on the left of the 
screen. See the following illustration: 



ME 

File Edit View Go Window Help 



ZoomAir API 28 - RADIUS -192.168.0.240 - Netscape 



3 



RADIUS 



Authentication 



Enable: V 



Primary Server IP Address: 






Shared Secret: 
Confirm Shared Secret: 






Backup Server IP Address: 


0.0.0.0 




Shared Secret: 
Confirm Shared Secret: 









|Document: Done 



This illustration shows the top half of the RADIUS screen; 
your monitor may display more or less of this page. The 
following instructions are for what you see here; further 
instructions accompany the illustration below. 

Details for Filling In this Page 
Enable - Click this box to enable RAD I US. 

Primary Server I P Address — E nter the I P address of the 
server on which RA D I U S is installed and active. 

Shared Secret — E nter a password for use by the RA D I U S 

server. See your RA D I U S software documentation for 
acceptable password formats. 

Confirm Shared Secret — Type the password again. 

Backup Server I P Address — I f there is a backup server, 
enter its I P address here. 

Shared Secret — E nter a password for this server. 

Confirm Shared Secret — E nter the password again. 

N ow scroll down to reveal the remaining part(s) of the screen. 
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See the following illustration: 



/oomAii API 28 - RADIUS 


-192.168.0.240 - Netscape 




File Edit View Go Window 


Help 




|f, /,.„„■/ 



Accoumtiiig 



Enable: f~ 



Primary Server IP Address: 
Shared Secret: 


Q.D..O.D 






Confirm Shared Secret: 




Backup Server IP Address: 






Shared Secret: 
Confirm Shared Secret: 







Settings 

Timeout p | sec 

onds 

Retries [l | 




Cancel Save 



|Document Done 



Details for Filling In this Page 

Accounting — You can have RADIUS take care of 

accounting (logging user requests, etc.). Click on the 
check box to enable accounting. Then enter the I P 
address for the primary and backup accounting server, 
along with shared secret information. 

Settings — We recommend that you leave the default settings 
for timeout and number of retries. If you want a 
timeout and/ or number of retries other than the 
default values, enter the new values. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

What You Have Accomplished 

When you have finished Chapter 4, you have a wireless access 
point, afunctional ISDN WAN connection, and router features 
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enabled for your specific setup. You have also installed some 
security measures as you enabled various features. For instance, 
your ISP account, if you activated it, includes password protection, 
most likely using encryption. Y our LA N account and individual 
dial-in accounts, if any, also have password protection. 

Other features are delivered as default settings for the ZoomAir 
AP128. For example, Network Address Translation, or NAT, is 
automatically activated for your I SP account. That means that the 
I nternet "sees" only the I nternet address assigned by your I SP. 
I ndividual addresses on your LA N are hidden from the outside 
world. 

I n the following chapter, you can modify the network access 
settings for the computers on your LA N . 
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5 

Implementing Additional 
Network Controls 

In setting up your ZoomAir AP128 as a wireless access point 
and as an ISDN router with Internet or remote LAN access, you 
have already ensured access to your LAN by your network's 
members and provided security measures to keep out 
snoopers. In this chapter, you have the option of configuring 
additional network access control features. 

The topics covered in this chapter are as follows: 

• Basic access and security— what you already have. 

• Dynamic Host Configuration Protocol (DHCP). 

• Network Address Translation (NAT). 

• Static routes. 

• IP filtering. 

Basic Access and Security— What You 
Already Have 

The installation and setup you have done in Chapters 1 through 4 
have already enabled most of the basic access and security features 
in your ZoomAir AP 128. 

• Your ISP has provided you with a fixed or dynamic I P address 
that is not shared with anyone; you have established a 
password that may be transmitted in encrypted form; and your 
private LA N addresses are "translated" by N etwork Address 
Translation (NAT) into the single IP address used by your ISP. 

• I f you are connecting to a remote LA N over your I SD N 
service (either dial-out or dial-in), you are using passwords. 
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You may also be using Caller ID to verify the identity of a dial- 
in remote LAN . 

• I ndividual dial-in clients in your organization are authenticated 
with passwords (most likely encrypted) and may be using Caller 
ID and callback features. 

Additional Access and Security 

You may not need to go any further than the steps described 
above, especially if you're using the ZoomAir A P128 in a home or 
small stand-alone office. Under certain circumstances, however, 
you may want to modify or enhance your setup using the built-in 
WebManage utility. 



Hp: As with the ISDN and WAN setup descriptions in 

Chapter 4, some of the concepts and settings here can 
become quite complicated. You may wish to use a 
consultant or networking technician for some of these 
options. We encourage you to read through this chapter 
and determine your needs and capabilities. 

H ere is an outline of the options: 

Dynamic Host Configuration Protocol (DHCP) 

E ach of your network devices must have an I P address. E ither you 
must enter these addresses manually at each client and server, or 
they can be provided automatically by a D H CP server built into 
one of the network devices. For a network with 20 or fewer clients 
(wired and wireless combined), the D H CP server gives you the 
ability to add new wired and wireless clients without having to 
figure out new I P addresses for them. The default installation of 
the ZoomAir A P 128 on an all-wireless network does not enable its 
DHCP server. 

Network Address Translation (NAT) 

NAT "translates" the IP addresses of the computers on your LAN 
into one I P address, managing traffic to and from individual clients. 
It is turned on by default in the ZoomAir A P128 for your ISP 
account. 
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Static Routes 

If you are connecting the ZoomAir A P 128 to one or more other 
routers, you can exchange routing information automatically with 
the other routers via the Routing I nformation Protocol, or RIP. 
This is the default setting for the ZoomA ir A P128. You may also 
create and maintain routing information manually using static 
routes. 

IP Filtering 

I P filtering prevents or allows data to flow to and from particular 
computers on your LAN or from ISD N . For instance, you can 
allow incoming requests for files to go to a specific computer that 
is acting as a file server, or you can restrict access to the I nternet to 
certain people in your organization. 

Starting Web Manage 

All the features in this chapter are managed via the ZoomAir 
AP128'son-board WebManage utility. You can start Web Man age 
from any computer on your LA N . 0 n a wireless client installed at 
the same time as theZoomAir AP128, a WebManage icon was 
placed on the desktop; click on it. I f there is no WebM anage icon, 
start your I nternet browser, type 192 . 168 . 0 . 240 (or the I P 
address you have assigned to it in Phase 2B) in the address box and 
press E nter. 

I f this is the first time you have used WebM anage, you will be 
asked for certain administrative information, such as a user name 
and password. You can read the details of this procedure by 
referring back to the section Using WebM anage to Change the 
IP Address of Zoom Air AP 128 on page 36. 

Dynamic Host Configuration Protocol 
(DHCP) 

D H C P is a feature that allows one device to assign (lease) I P 
addresses to hosts, or clients, on a network. I P addresses are 
assigned as needed to active clients (computers and network 
devices). The clients are configured dynamically— at the end of a 
lease period, the client must renew the lease. Also, the D H CP 
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server reuses addresses from inactive clients and reassigns them. 
The addresses are part of an address pool configured into the 
server. 

When To Implement DHCP 

When you first installed theZoomAir A P128 in an all-wireless 
network (Chapter 1), you had the option of enabling DHCP. This 
allowed you to install the wireless clients without having to figure 
out I P addresses. I f you are installing an all-wireless network or a 
new wireless and wired network (as in Chapter 2), enabling DHCP 
makes a lot of sense. N ew wired and wireless clients can be added 
to your network, configured as D H CP clients, and automatically 
get IP addresses from theZoomAir A P 128. Depending on the size 
and complexity of the wired portion of your network, you may 
have kept DHCP enabled or disabled it in Phase 2B of Chapter 2. 

If you ever need to enable or disable D H CP or change its settings, 
you can do so by following the instructions in this section. The 
Z oomA ir A P 128 D H C P server can assign I P addresses 
dynamically, leasing addresses from an address pool, or statically, 
with each client being assigned a permanent address that is 
controlled from WebManage. 

Enabling DHCP 

Follow these steps: 

From the Configuration screen of WebM anage, click on the 
DHCP button on the left of the screen. The DH CP screen 
will appear. See the following illustration: 
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pocument: Done 



Details for Filling In this Page 

Click on the checkbox next to Enable DHCP Server. 

If you want D H CP to work with all of its defaults, you can 
click on the Save button to complete the operation. If you 
need to modify the defaults or simply want to review their 
settings, continue with the next section 

Dynamic Address Assignment Pools 

If you want to review or change the addresses in the DHCP 
assignment pools, click on Dynamic Address Assignment 
Pools. 

Details for Filling In this Page 

The first pool is configured with a set of addresses compatible 
with the fixed addresses that are installed with ZoomAir 
clients. You can establish additional pools if you need them— 
for example, different pools for different functional groups, 
such as Sales, Manufacturing, and Administration. Having 
separate pools may make network maintenance more 
convenient. 



Note: If you intend to expand on the default addresses 
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provided by ZoomA ir, the first three elements of the 
address— 192 .168. 0— must be the same. Also 
note that, in the default ZoomAir installations, there 
are certain addresses you should avoid. 0 ne is 
192 . 168 . 0 .240, which is the address of the 
ZoomAir AP128 unit itself. Also, do not use 0 or 
255; these are reserved. 

Click on the Bootp checkbox if D H CP will be serving 
addresses to an older network that uses this protocol. I n most 
new networks, you can leave this box unchecked. 

You can enter new Lease Times, but the defaults should 
work in almost any network. 

N ow scroll down to reveal the rest of the screen and to view 
your choices: 

Details for Filling In this Page 

Subnet M ask — By default, this should be 

255. 255. 255.0. If it is not, type it in. 

DNS 1 Address— If you have an account with an ISP, enter 
its D N S address here. 

DN S 2 Address— If your ISP has provided you with a 
second address, enter it here. 

DN S3 Address— If your ISP has provided you with a third 
address, enter it here. 

Router 1 Address — This should be the address of your 

ZoomAir A P128 unit. If you have not changed it, the 
address should be 192 . 168 . 0 . 240. 

Router 2 Address — I f your LA N is connected to a remote 
LAN , and the remote router is a D H CP server, enter 
the I P address of the remote router. This will serve as 
a backup if your ZoomAir AP128 encounters a power 
failure or is otherwise taken off-line. 

Domain Name— You can enter a name for your DHCP 
server here. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
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on Cancel if you would like to start over or edit your changes. 
When you have finished, click on Basic Settings to get back 
to the original DHCP screen. 

Static Address Assignment 

You can also use D H CP to serve static addresses to the clients 
on your network, rather than "leasing" addresses from a pool. 
This involves more work to set up and maintain, but it gives 
you an additional measure of security. With static assignments, 
you can control who is allowed to have an I P address on your 
network. 

For each client that you want to assign a static address, click on 
a number from the drop-down list and then on the E dit Static 
Address Assignment button. 

Details for Filling In this Page 

Click on the E nable checkbox and then fill in the remaining 
information. For the HW Address, you will need to get the 
MAC (Media Access Control) address from theZoomAiror 
Ethernet card on each client. 

I P Address — Type in the I P address to be assigned to this 
client. 

Subnet M ask — By default, this should be 

255.255 . 255 . o. If it is not, type it in. 

Domain Name — You can enter a name for your DHCP 
server here. 

Router 1 Address — This should be the address of your 

ZoomAir AP128 unit. If you have not changed it, the 
address should be 192 . 168 . o . 240. 

Router 2 Address — I f your LA N is connected to a remote 
LAN , and the remote router is a D H CP server, enter 
the I P address of the remote router. This will serve as 
a backup if your ZoomAir AP128 encounters a power 
failure or is otherwise taken off-line. 

DNS 1 Address — If you have an account with an I nternet 
Service Provider, enter its D N S address here. 

DN S 2 Address— If your ISP has provided you with a 
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second address, enter it here. 

DN S3 Address— If your ISP has provided you with a third 
address, enter it here. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

Network Address Translation (NAT) 

Network Address Translation (NAT) manages traffic to and from 
the individual I P addresses on your LA N , yet presents just one I P 
address to the "outside world." This protects your network 
members from intrusion and snooping while allowing them to surf 
the I nternet, send e-mail, and connect to remote LA N s. 

By default, NAT is enabled on the ZoomAir A P 128 for your ISP 
account. This provides important firewall protection for the clients 
and servers on your LA N . I n the most typical case for small 
networks, your I SP supplies a valid I P address when you connect. 
This becomes the address that your ZoomAir A P128 uses for 
connections to I nternet sites and is the only address that anyone on 
the I nternet "sees." When someone on your LA N accesses the 
I nternet, N AT keeps track of the local address and routes data 
back and forth between the local address and the I nternet. 

You can also activate NAT if you have purchased an I P address 
from your ISP and it is likely that you intend to be connected to 
the I nternet all the time. I n that case, you can provide your I P 
address to customers or members of your organization so that they 
can access your LA N by typing your I P address in their browser. 
That way, they can reach a server on your network that provides a 
Web page, FTP file transfers, and so on. 

N AT controls access to your LA N by translating access requests to 
your "public" I P address into the local I P addresses of the servers 
on your LAN . This allows you to establish, for instance, an FTP 
server on your LA N without exposing its local address to outside 
callers. 

With Shared IP Address Mapping, incoming calls are routed by 
type to the servers on your LA N . This is accomplished by using 
well-known port numbers that correspond to certain functions. 
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With Static One-to-One IP Address Mapping, N AT maps calls 
to specific static addresses to the private server addresses on your 
LAN. 



NAT and RIP 

When NAT is active, you don't want the ZoomAir A P 128 to 
propagate its I P address to the I nternet or to a remote LA N . 
Therefore, the Routing Information Protocol (RIP), if enabled, is 
automatically turned off. 

Follow these steps to configure your NAT settings: 

From WebM anage's Configuration screen, click on the NAT 
button on the left of the screen. The NAT screen will appear. 
See the following illustration: 



^ZoomAir AP128 NAT 192.168.0.240 Netscape 



File Edit View Go Window Help 



n 



NAT 




Shared IP Address Mapping 
Static One-to-One IP Address Mapping 



Cache Timeouts 



Document: Done 



Click on the button for the kind of mapping you want- 
Shared I P Address M apping or Static 0 ne-to-0 ne I P 
Address M apping. Following are instructions for each. 



Shared IP Address Mapping 



From the main NAT page, click on the Shared IP Address 
Mapping button. See the following illustration: 
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feZoomAir AP128 - NAT Shared Address Mapping -192. 



File Edit View Go Window Help 



I- A 

NAT 



NAT Shared Address Mapping 



This form allows mapping of TCP orUDP ports to fried IP 
addre sses onthe LAN . C ertain networking proto c ols may not 
work correctly when run over NAT. There is nothing you can do 
about this. 



Default Local Server Address: Q - 0 - 0 - Q 



Server Protacol Port 



Server Address 



1 

2 
3 
4 
5 
6 
7 
S 
9 
10 



NAT Main 



Cancel 



Save | 



TCP » | 0 


0.0.0.0 


TCP J*J 0 


0.0.0.0 


TCP 0 


0.0.0.0 


TCP _t| 0 


0.0.0.0 


TCP J*J 0 


0.0.0.0 


TCP » | 0 


0.0.0.0 


TCP J*J 0 


0.0.0.0 


TCP 0 


0.0.0.0 


TCP _t| 0 


0.0.0.0 


TCP J*J 0 


0.0.0.0 



IDocurnent: Done 



Details for Filling In this Page 

Default Local Server Address — E nter the I P address of a 
local server to which outside requests will go if there is 
no match with any server in the server list. 

N ow enter information for each server (computer) on your 
LA N to which an outside user LAN might have access. Y ou 
may have separate servers, for example, for FTP access, a mail 
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server, an H TT P server, and so on. N AT determines the local 
destination by specifying the protocol and port. 

Some typical protocols and ports are listed below: 



Port 
Number 


Process 
Name 


Protocol 


Description 


21 


FTP 


TCP 


File Transfer Protocol 


23 


Telnet 


TCP 


Telnet 


25 


SMTP 


TCP 


Simple Mail Transfer Protocol 


37 


Time 


TCP 


Time 


53 


Domain 


UDP 


Domain N ame Server (DNS) 


80 


HTTP 


TCP 


Hypertext Transfer Protocol 


109 


PO P2 


TCP 


Post Office Protocol v2 


110 


PO P3 


TCP 


Post Office Protocol v3 


119 


NNTP 


TCP 


N etwork N ews Transfer Protocol 


123 


NTP 


UDP 


Network Time Protocol 



Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 
When you have finished, click on NAT Main to get back to 
the original NAT screen. 

Static One- to-One IP Address Mapping 

Static mapping is implemented when you have purchased more 
than one I P address and want to map them to specific 
destination. N ote that this kind of mapping does not depend 
on protocol or port information. 

From the main NAT page, click on the Static One-to-One IP 
Address M apping button. See the following illustration: 
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-■ ZoomAir AP12S - NAT One-to-One IP Address Mapping -1 92.1 G8. 0.240 - Netscape PJSES 



File Edit View Go Window Help 



E 



NAT One-to-One IP Address Happing 



Enable Assigned External 
Address 



Mask 



Local Internal Address 





255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 



255.255.255.255 




NAT Main | 



Cancel | Save | 



|Document: Done 



Details for Filling In this Page 

For each assigned external I P address that you provide to 
remote users, enter the local internal I P address of the server 
you want them to have access to. Then click on the checkbox 
under E nable to enable the mapping. 

Assigned E xternal Address— Type in the purchased I P 
address. 

Mask — You can leave this setting as-is. 

Local I nternal Address — Type in the local address on your 
LAN to which remote requests should go. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 
When you have finished, click on NAT Main to get back to 
the original NAT screen. 
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Cache Timeouts 

Clicking on the Cache Timeouts button will display the default 
cache expiration time (in seconds) for each type of message packet 
protocol: TCP, UDP, I CM P, and DN S. The cache timeout period 
is the length of time that theZoomAir AP128 unit will hold a 
packet in its cache prior to transmittal; once that time period has 
elapsed, the cache will be flushed and the packet will be lost. Y ou 
can change a cache timeout period by entering a new value and 
clicking on the Save button. 

Static Routes 

N etworks with multiple routers keep track of the router addresses 
in a routing table, which each router maintains in its on-board 
memory. This routing table can be maintained dynamically, with 
the Routing I nformation Protocol (RIP); statically, by using the 
fixed addresses of the routers on your network; or with some 
combination of Rl P and static routes. 

For most simple networks, you need neither RIP nor static 
routing— for instance, if theZoomAir A P 128 is the only router on 
your network, and there is no remote router to which it will be 
connecting (other than an ISP). If ZoomAir AP128 is being used 
to connect to a remote network, you should still be able to use Rl P 
to exchange routing information. 

Even in moderately complex networks, in which one or both 
segments involve subnets, Rl P can maintain the routing 
information. The latest version of Rl P, v2, keeps track of subnet 
masks as well as the I P addresses. 

You may want to use static routing, however, if you communicate 
with remote router(s) and reliability and security are major 
concerns. Rl P, although convenient, is not a secure protocol; any 
device sending messages from the Rl P port would be considered a 
router by its neighbors. You should also consider static routing if 
ZoomAir A P128 is routing to another LAN that supports only RIP 
vl. 

N ote that Rl P and static routing can coexist. If Rl P is enabled, its 
routing information will supersede the settings in a static routing 
table if the dynamic route is shorter than the static route. 
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Follow these steps to configure static routing: 

M ake sure the Configuration button at the top is highlighted. 
Click on the Routes button on the left of the screen. See the 
following illustration: 



ZoomAir AP128 - Routes -192.1 G8. 0.240 - Netscape 



File Edit View Go Window Help 



MB 




Routes 



Default Gateway] 0 - 0 - 0 - 0 



Static Routes 

Netrnask 



Next Hop Metric 




Details for Filling In this Page 
Default Gateway 

If you are connecting to an ISP, leave this set at all zeros. If 
you are connecting to a remote LA N , enter that address here. 

Static Routes 

For each remote router you want to include, enter information 
about its Destination, N etmask, N ext hop, and Metric. 

Destination — Type in the IP address of a router at the final 
destination. 

N etmask — Type in the netrnask for this destination address. 

N ext H op — Type in the I P address of the next router on the 
way to the Destination. 

Metric — Type in a number representing the number of hops 
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to the destination (range: 1 to 16). This is not a precise 
number based on counting the number of routers 
from theZoomAir AP128 to the destination router. It 
is a way of creating relative preferences among other 
available routes. If there are multiple routes to the 
same destination, ZoomAir AP128 will take the route 
with the lowest metric. 

Private — Check this box if you do not want Rl P to 
broadcast information about this route. 

Repeat this process for all other routers for which you want to 
provide static routing information. If you make a mistake and 
need to start over, or when you are ready to send your changes 
to ZoomAir A P 128, you may need to scroll down to seethe 
Cancel and Save buttons. 

Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

Filtering 

Filtering enables you to implement security for your network by 
preventing unwanted network traffic. Filtering is based on user- 
defined rules that manage network traffic by allowing or blocking 
incoming packets. The information contained within a packet 
allows this filtering to take place. I n addition to the data, the packet 
includes the source and destination addresses and the protocol 
type, such as I P or TCP. 

The most basic filter, activated by default, blocks " spoof ers." 
Spoofing is the transmitting of packets with false source I P 
addresses that look like they come from inside the local network. 
ZoomAir A P128 blocks spoofed packets by verifying that the 
packet's source address comes from inside the LAN ; if it doesn't, 
the packet is rejected. 

If you haveasmall network in which ZoomAir AP128 provides 
I nternet access for everyone through an I SD N line, you most likely 
do not need filtering beyond the blocking of spoofers. Filtering is 
more suitable for managing traffic between your LA N and a 
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remote mail server, between dial-in users and an FTP or HTTP 
server on your LAN , and so on. 

N ote: Filtering can grow to be very complex. M istakes are easy to 
make and hard to detect. Also, an extensive set of filters 
can slow down the speed of a network considerably. 

If you are using your LAN for dial-in access to an FTP server, mail 
server, and the like, we recommend that you consult a networking 
professional for assistance. Security measures can include I P 
filtering in conjunction with other technologies that balance speed, 
security level, cost, and maintainability. 

Filter Profiles and Rules 

Y ou can create as many as five filter profiles, to be applied for 
different purposes in your LAN . 

A filter profile comprises a series of rules that tests a packet for 
specific information about its source and destination I P address 
and its protocol. I f a rule matches the information in the packet, 
some action is taken, such as blocking or allowing the packet. N o 
further comparisons are made— the packet is allowed either to pass 
into or out of the LA N or it is dropped. I f the filter does not match 
any of the information in the packet, the packet is passed on to the 
next rule. 

Rules are divided into two types: input and output. Each profile 
can have a maximum of 20 input and 20 output rules. 0 ne profile 
is allowed per connection. 

Filtering may be positive or negative. A positive filter allows any 
packet that is not explicitly blocked. A negative filter blocks any 
packet that is not explicitly allowed. N egative filtering is a basic 
firewall technique, which follows the philosophy, "If you don't 
have to let it in, don't." N egative filtering is, in most cases, 
preferable because it is easier to specify and less likely to leave 
security holes. 

N ote the following basics about filter rules: 

• Rules are expressed as I P addresses and wildcard masks in 
"dotted decimal" notation. 

• The wildcard masks are not the same as subnet masks. A 
wildcard mask specifies a range of I P addresses. 
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S A wildcard of 255 . 255 . 255 . 255 means "compare all 
bits in the I P address," that is, restrict the match to a single 
I P address. 

s A wildcard of 0 . 0 . 0 . 0 means "don't compare any bits 
in the I P address," that is, allow everything. 

S A wildcard of 255 . 255 . 255 . 0 when applied to LAN 
addresses means "compare only the bits in the first three 
bytes," that is, allow everyone on the LA N , but only on 
the LAN. 

• I f a packet passes through all the rules in a filter without 
matching any of the rules, it is allowed. If you want to block 
any remaining non-matching packets, you must configure the 
last rule to block all packets. M any network administrators 
consider this a good practice to follow. 

The details of these settings will become clear as you proceed 
through the configuration pages. 

Settings for the Main Filters Page 

Follow these steps: 

M ake sure the Configuration button at the top is still 
highlighted. Click on the Filters button on the left of the 
screen. See the following illustration: 
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^ZoomAir AP128 - Filter Settings -192.168.0.240 



File Edit View Go Window Help 




Filter Settings 



Block Spoofers: r 
Web Manage Address 



Web Manage Mask: 



□ 


□ 


0 


0 




□ 


□ 


0 


0 



Edit Profile 1 1 j*J Input Rules 



Cancel 



Save 



Document: Done 



Details for Filling In this Page 

Block Spoofers — We recommend that this box be checked 
to enable blocking of spoofers. 

WebM anage Address — T his is the address of the client PC 
you use to run the WebM anage program. This should 
be 192 . 168 . 0 . 250 or whatever you have set it to. 
The purpose of listing the WebM anage address here is 
to keep filter rules from preventing access to 
WebM anage. I f you change this address, that address 
will lose access to WebM anage until you re-establish 
its address. To do so, connect a computer to the 
ZoomAir AP128 Console port and enter the 
commands from the command line. For console 
command documentation, see Appendix B on page 
115. 

WebM anage M ask — This should be 

255 . 255 .255 . 255. N ote that it is not the Subnet 
M ask assigned to WebM anage. 
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Sending Changes to ZoomAir AP128 

Click on Save to send the changes to ZoomAir A P128 or click 
on Cancel if you would like to start over or edit your changes. 

Editing Input Rules 

I nput and output rules are set up as part of profiles. To begin a 
new profile or edit an existing one, follow these steps: 

From the Filter Settings page, choose a filter profile (1-5) to 
edit and choose Input Rules. Then click on the Edit Profile 

button. See the following illustration: 



ZoomAir AP128 - Filter Profile 1 Input Rules 1 92 1 G8. 0.240 - Netsc. HBES 



File Edit View Go Window Help 




|^| |Document: Done 



This page summarizes the input rules for this profile and gives 
you some options. When you first access this page, the Rule 
Summary will be as it appears here. 

Click on the Generic E dit button. Y ou'll see the following 
illustration: 
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jgfZoomAir AP128 Filler Profile 1 Input Rule 1 192.1G8 0 240 Nets... HQES 




|^| |Document: Done 



Details for Filling In this Page 

Offset — Type in the starting byte of the data portion of the 
packet that you want to compare. The range is 0 to 
255. 

Length — Type in the byte count of the data portion of the 
packet that you want to compare. The range is 0 to 8. 

Mask — Type in thebitmask (in Hexadecimal) to apply to the 
data portion before the comparison is made. 

Value — Type in the value (in H exadecimal) to compare with 
the data. 

Log — Check this box to enable activity logging. 0 nly packets 
that match the filter rule parameters will be displayed. 

Action — Choose one of the following actions: 

allow — The packet goes through if it matches the 
filter rule. The packet is accepted and is not forwarded 
to the next filter rule. The next packet is then 
examined. If the packet does not match, the next rule 
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is applied to it. 

block — The packet is dropped if it matches the filter 
rule. If it does not match the rule, the next rule is 
applied to it. 

ignore — The rule itself is ignored, and the packet is 
passed on to the next rule. This action is useful in 
testing a filter set. 



Note: When a packet has been allowed or blocked, no other 
rules apply to it. This is a very important point to 
remember, especially for allowed packets. 0 nee a 
packet is allowed, it cannot be blocked by a later rule, 
even if it matches the conditions of that rule. 



Comment — Type in a comment describing the intended 
effect of the rule. This can be valuable in debugging 
rules when they are being created and in maintaining 
them later on. 

Click on Save to send the changes to ZoomAir AP128 or click 
on Cancel if you would like to start over or edit your changes. 
Then click on the Back button to go back to the main Filters 
page. Click on the IP Edit button to edit the rule. Seethe 
following illustration: 
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ZoumAir API 28 - Filtei Profile 1 Input Rule 1 -192.168.0.240 - Netscape 



File Edit View Go Window Help 




Details for Filling In this Page 

Source Address — Type in the I P address of the client you 
want to filter. 

Source M ask — Type in the wildcard mask of the source 
client. 

Destination Address — Type in the I P address of the client 
on your LA N for which packets are to be filtered. 

Destination Mask — Type in the wildcard mask for the 
destination client. 

Log — Check this box to enable activity logging. 0 nly packets 
that match the filter rule parameters will be displayed. 

I P Protocol — Type in the number that identifies a specific 
TCP/ 1 P protocol. The following table contains some 
common protocols. You can find more in RFC 1700, 
Assigned Numbers, by J. Reynolds and J. Postel 
(October 1994). 
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1 



I CMP 



5 


STREAM 


6 


TCP 


8 


EGP Any private interior 




gateway protocol 


11 


Network Voice Protocol 


17 


UDP 


20 


Host Monitoring Protocol 


22 


XNS IDP 


27 


Reliable Data Protocol 


28 


Internet Reliable Transport 




Protocol 


29 


ISO Transport Protocol Class 
4 


30 


Bulk Data Transfer Protocol 


61 


Any Host Internal Protocol 


89 


OSPF 



Source Port, Destination Port — For each rule, specify a 
TCP orUDP port. The Source and Destination Ports 
are for TCP and UDP protocols only. They allow 
rules to be created that are specific to TCP or U D P 
source or destination port numbers. I ndividual 
network services may be associated with specific TCP 
or U D P port numbers; for example, HTTP 
connections are typically initiated by opening a 
connection with TCP port 80 on the HTTP server. A 
port number can be between 0 and 65535. 1 n setting 
port numbers use one of the following formats: 

• To specify one port number, enter an integer 
value. 

• To specify a range of ports, enter two integers 
separated by a hyphen with no spaces. The range 
includes the values entered. 

To specify the top of the range (65535), you can use an asterisk 
(*). For example, 910-* is the same as 910-65535. Using* 
alone refers to all ports. 
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TCP E stablish — Click on this check box to indicate that a 
filter should be applied only if a TCP session is already 
established. 

Action — This is where you indicate what the rule is to do: 
allow, block, or ignore. 

allow — The packet goes through if it matches the 
filter rule. The packet is accepted and is not forwarded 
to the next filter rule. The next packet is then 
examined. If the packet does not match, the next rule 
is applied to it. 

block — The packet is dropped if it matches the filter 
rule. I f it does not match the rule, the next rule is 
applied to it. 

ignore — The rule itself is ignored, and the packet is 
passed on to the next rule. This action is useful in 
testing a filter set. 



Note: When a packet has been allowed or blocked, no other 
rules apply to it. This is a very important point to 
remember, especially for allowed packets. 0 nee a 
packet is allowed, it cannot be blocked by a later rule, 
even if it matches the conditions of that rule. 

Comment — Add a comment or description of the rule. 

When changing or debugging a rule, a statement of its 
intended effect can be an important aid. 

Click on Save to send the changes to ZoomAir AP128 or click 
on Cancel if you would like to start over or edit your changes. 
Then click on the Back button to go back to the main Filters 
page. Click on another rule and then on the IP Edit button to 
edit the rule. Continue until you have entered the rules you 
need for this profile. 

Editing Output Rules 

The procedure for writing output rules is very similar, except the 
purpose is different (allowing or blocking access of your network 
members to devices outside the network) and the source and 
destination are reversed. For detailed examples of filter rules, see 
Appendix D . 
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6 

Monitoring the ZoomAir AP128 

You can use the on-board WebManage utility on the ZoomAir 
AP128 to monitor its LAN and WAN performance. The monitor 
screeens in WebManage show you the state of the ZoomAir 
AP128 and its connections. 

This chapter covers the following topics: 

• Q uickView. 

• Connections. 

• IP routes. 

• NAT cache. 

• DHCP. 

• Activity log. 

• Diagnostics. 

Accessing Monitor in WebManage 

Activate WebM anage by clicking on the WebM anage icon on the 
desktop of one of the computers connected to your wireless LA N . 
I f you do not have this icon on the computer you want to use, you 
can activate WebM anage by entering its I P address from your 
browser. U nless you have changed this address, it is the default 
192 . 168 . 0 .240. Click on the Monitor button on the top of 
the page. The buttons down the side of the page will change; the 
following sections deal with each button in order. 

Q uickView 

When you click on the Q uickView button, you will see an image 
of the front panel of theZoomAir AP128 unit, including its LED 
display. You will also see several entries depicting the amount of 
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nnected": the connection is established. 

Disconnect — Click on this button if you want to terminate the 
connection. 



IP Routes 



The top of the I P Routes page shows the I P routing table currently 
active in theZoomAir AP128 unit. Use this information to debug 
an I P internetwork or discover which networks are being 
propagated with R I P. The bottom of the page shows the state of 
the TCP sockets, including the local and remote address and the 
following details: 

State - the state of the IN PUT side of theTCP connection. 

OState- the OUTPUT state. 

RWin — the current size of the receive window. 

SWin — the current size of the send window. 

UnAck — the number of unacked bytes sent. 

NAT Cache 

This page displays details of the N AT cache, including the 
following data: 

Protocol — this will always be TCP. 

I nside Source — the I P address of the local machine. 

Outside Source — the network-enabled IP address. 

Destination — the I P address of the FT P server. 

E xpi ration (sees) — the time remaining before the connection 
will be terminated. By default, the expiration time period is 7500 
seconds. 
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DHCP 

The DH CP button will take you to a screen listing the status of all 
DHCP Dynamic IP Address Assignments. This page summarizes 
which local hosts have dynamic I P addresses including the 
following details: 

State — tells whether the assignment is enabled or not for this 
host. One of three states will be listed: Offer, Bound, or Expired. 
Offer: when the assignment is "in process;" Bound: when the 
MAC address has been bound to an I P address; Expired: when the 
lease time has run out. 

Time — the time stamp indicating when the lease began. 

E xpire (hr.) — the length of time the lease is valid. 

H W Address — the hardware address (MAC address) of the host. 

I P Address — the I P address assigned to the host. 
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Activity Log 

The Activity Log shows which routers and users have been 
connected and for how long. Each entry is stamped with a date and 
time. The Log also shows failed connection attempts as well as the 
reason for disconnect, to the extent possible. The Activity Log is 
useful for troubleshooting. 

Diagnostics 

The D iagnostics page shows detailed information about the 
functioning of theZoomAir AP128. It is useful as a 
troubleshooting tool; if you need to contact your vendor or Zoom 
Technical Support, for help, you should include the log from the 
D iagnostics page in your e-mail message or fax. 



6 Monitoring the ZoomAirAP128 



109 



7 

Maintaining the Firmware 

Maintaining the firmware on the ZoomAir AP128 board is 
simple and consists of the following procedures: 

• Updating the firmware with new code. 

• Restarting the ZoomAir AP128 unit. 

Accessing Maintenance in WebManage 

Activate WebM anage by clicking on the WebM anage icon on the 
desktop of one of the computers connected to your wireless LA N . 
I f you do not have this icon on the computer you want to use, you 
can activate WebM anage by entering its I P address from your 
browser. U nless you have changed this address, it is the default 
192 . 168 . 0 .240. Click on the Maintenance button on the top 
of the page. The buttons down the side of the page will change; the 
following sections deal with each button in order. 

Upgrading the Firmware Code 

Clicking on the Update button will take you to the following 
screen: 
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H ere you need to specify the name of the file. Y ou can either type 
the name in yourself or click on Browse and choose it from the 
list. 

T he F ile U pdate Report page will appear. I f you've entered in the 
correct filename, you'll seethe message "System Upload 
SU C C E SSF U L ." I f you've selected the wrong filename (or typed 
it incorrectly), you will seethe message "System Upload FAIL." 
Check that you're using the right filename and directory name and 
repeat the above procedure. 

0 nee the upload is successful, you'll see the following message: 
Please restart ZoomAir A P128... Click on the Restart button. 

Note: Whenever you upgrade the firmware code, you must first 
unplug theZoomAir card from theZoomAir AP128 unit. 



Restarting the ZoomAir AP128 

0 n the left side of the screen, click on the Restart button and 
follow the prompts. E xit your browser. 



Note: Remember, the ZoomAir cards are not hot-swappable: 
You must power down each and every time you remove a 
ZoomAir card. 
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Appendix 

LED Settings 



T he front panel of the Z oomA ir A P 128 features three sets of 
L E D s that will help you monitor and troubleshoot your LA N , 
WAN, or ISDN connection. The green PWR LED on the panel's 
far right will light up and remain on when you push the on/ off 
switch on theZoomAir AP128's back panel. 

Wireless LED Settings 

The three green LEDs located under the Zoo mAir logo pertain to 
the wireless portion of your network and are labeled ON , LIN K, 
and DATA. 

ON — The unit is receiving power. 

LINK — The unit has located at least one wireless client. 

DATA — The unit is receiving and/ or transmitting data. 

ISDN LED Settings 

T he four green LEDs that indicate the status of the I SD N 
connection are SYNC, BX B2, and MLP. 

SYNC - This LED monitors the physical ISDN link and its 
synchronization with the central office's equipment. Four states are 
possible: 

Off — There is no physical link for one of several reasons: 
T he I SD N line may not be plugged in; there may be a defect in the 
line, either on the premises or between the premises and the CO ; 
or there may be an equipment failure at the CO . 

Two-On, Two-Off Flash Pattern ( ) - A 

physical link exists and framing has been established (ISD N Layer 
1). In switch types that don't support Fully Initializing Terminals 
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(F I Ts), this pattern will persist until a connection (call) is 
established. Examples of such non-FIT switches are E U RO ISDN 
and ATT Custom. 

One-On, One-Off Flash Pattern ( ) — The 

ZoomAir ap128 has successfully negotiated one or more Terminal 
Endpoint Identifiers (T Els) and established ISDN Layer 2 
connectivity. 

Note: In FITs, if this pattern persists for more than a minute or 
so, it means SPID negotiation has failed. In non-FITs, it 
means that an attempt to establish a connection has failed. 
Check the DN entries and SPIDsor MSN/SubAddress 
entries, as appropriate. 

Solid On — In FITs, this pattern indicates that the 
ZoomAir ap128 has successfully negotiated one or moreSPI Ds. 
I n non-F I T s, this pattern indicates that the Z o o m A I r a p 128 has 
successfully established a connection. 

Bl— The Bl channel connection is active. 
B2— The B2 channel connection is active. 
MLP — During Multi-Link PPP (M LP) negotiation, this LED will 

flash in a one-on, one-off pattern ( , etc.). When MLP 

negotiation is complete, this LED will remain on. 

Note: If the MLP LED flashes for an extended period without 
changing to a solid illumination, it may indicate a problem 
with logon parameters such as username and password, or 
with the authentication method specified. 



LAN LED Settings 

T he three L E D s relating to the Z o o m A i r a p 128's LAN settings 
areLINK,ACT,andCOL. 

LINK — This green LED shows that the lOBaseT Ethernet port 
link is working correctly. 

ACT — Short for Activity, this green LED indicates that the 
lOBaseT Ethernet port is transmitting or receiving packets. 
COL — Short for Collision, this red LED indicates that the 
network is experiencing traffic collisions. N o action is necessary. 
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Appendix B 

Console Commands 



Some users may prefer to program theZoomAir AP128 from the 
console rather than from the browser-based WebM anage. And if 
your WebM anage connection is terminated (for whatever reason), 
you can use the console to restart the A P 128 and WebM anage. 

Setting Up the Console 

Once you've connected theZoomAir AP128 unit to your 
computer using the supplied console cable (see the main manual if 
you have any questions), follow these steps: 

Start any terminal application that can be set to a serial rate of 
exactly 38.4 K bps. The H yperTerminal application that comes 
with Windows 95/ 98 and N T is a good example. To illustrate, 
click on Start | Programs | Accessories | H yperTerminal. 
The Connection Description box will pop up. Type in the 
name of your new connection (a name of your own choosing) 
and double-click on an icon to represent it. H it E nter. 

You will be asked how you want to connect. Ignore the phone 
number entry. U nder Connect using, select the same CO M 
port as that used to connect the console to the Z oomA ir 
AP128. Click OK. The COM Properties dialog box will pop 
up. U nder Bits per second, select 38400. Data bits will be set 
to 8; Parity will be set to none; Stop bits will be set to X leave 
all three as-is. U nder Flow control, select Xon/ Xoff. Click 
OK. H it Enter to get a $ in the terminal window. 

Note: If your connection attempt fails, double-check that 
your cable connection is secure and that your CO M 
port selections match. 
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Configuring the System IP Address 



To view your system I P address settings, type get Ian ipeO. 

To change any settings, type set Ian ipeO. 

You'll see IP>. H it Enter to enable. The current IP address of the 
AP128 will display. Type in the IP address you want and hit Enter. 

You will then see a list of parameters: N etmask, Broadcast, Filter 
Profile, Enable IP Routing, Bridge Un routed Protocols. You 

can accept or change each one. When you reach the end of the list, 
you will be asked, Do you want to save above changes? 0 nee 
you have reviewed your changes and are satisfied, hit E nter and 
type reboot to activate your changes. 

Note: If you prefer VT100 terminal emulation, type set term 
vtKX) from the command line, and a VT 100 window will 
pop up. 



Configuring Other Parameters 

Get Commands 

The tables on the following pages categorize the get commands 
and their functions. 



If you type get followed 
by... 



the console will display... 



system 
Ian 



system parameters 



TCP/IP address information 



filters 



wan 



wireless 



account 



isdn 



routes 



WAN parameters 

details of your wireless configuration 

ISDN parameters 

information pertaining to your ISP, 
user, and remote LAN accounts 

static routing parameters 

IP and generic filters profile data 
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dhcp 


fixed- and dynamic-address 
assignment information 


nat 


NAT parameters 


radius 


data pertaining to the RADIUS 
(Remote Authentication for Dial-in 

1 1 cor Con/ifo^ con/or 


ntp 


NTP parameters 


version 


the build version of the AP128 


sysl 1 1 III 


HpfoilpH cwctpm naramptprc: whirh 

uclqmcu oyoLCiii pa i a 1 1 iclci d, vviiil.ii 

will prove helpful if you need to call 
Tech Support 


mac 


the MAC (Media Access Control 
address) of the AP128 


get system commands 




If you type get system 
followed bv 


the console will display... 


userna me 


the username of the ZoomAir 
AP128 system administrator 


devname 


the name of the device plus the 
first part of its MAC address 


contact 


the system administrator's name 


location 


the device location 


date 


current date 


time 


current time 


timezone 


time zone 


get Ian commands 




If you type get Ian 
followed by... 


the console will display... 


ipeO 


the ZoomAir AP128 TCP/IP 
address plus other pertinent 
information such as mask and filter 
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profile 


rip 


RIP (Routing Information Protocol) 
parameters 


rip direction 


RIP direction status 


1 tfj VCI JIUll 


RIP version status 


get wan commands 




If you type get wan 
followed by... 


the console will display... 


default 


the default parameters for your 
WAN (wide area network) 


connect 


the WAN connection table 


npt wirplpw romina nrK 

UCL V V 1 1 1 1 L JJ V-WIIIIIIUIIU-J 




If you type get 
wireless followed by... 


the console will display... 


basic 


the wireless configuration default 
parameters such as channel and 
SSID (special identifier I.D.) 


advanced 


additional wireless parameters 
such as fragmentation threshold 
and beacon period 


acUll lly 


cpmritv naramptprc ci irh WFP 
jclu ii Ly [j a i a 1 1 ic lc i j ju ^ 1 1 uj vvi_r 

(Wired Equivalency Protocol) 
settings and the Passphrase 


status 


individual statistics for each portion 
of your wireless network 


get account commands 




If you type get 
account followed by... 


the console will display... 


isp 


information about your ISP 
account 
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user 


dial-in-user account information 


router 


remote LAN account information 


get filters commands 




If you type get filters 
followed by... 


the console will display... 


spoofer 


the state of the IP filter spoofer 


in [profile #:rule #] 


IP input filter data (e.g., 1:12) 


out [profile #:rule 
#] 


IP output filter data (e.g., 1:12) 


webmanage 


addresses and masks for 
WebManage filters 


Note: Profile number ranges from 1-5; rule number ranges from l-2( 


getdhcp commands 




If you type getdhcp 
followed by... 


the console will display... 


fix [host #] 


the table of fixed addresses for 
assigning an IP to one of the 
AP128 clients 


dynamic 


the set of IP address pools 
assigned dynamically when a client 
comes on-line 


Note: Host number ranges from 1-30. 


get nat commands 




If you type get nat 
followed by... 


the console will display... 


cache 


the contents of the NAT (Network 
Address Translation) cache table 


static [#] 


NAT static IP mapping 


server 


NAT server mapping 


timeout 


NAT cache timeout 



Appendix B Console Commands 



119 



Note: Static number ranges from 1-10. 



get ntp commands 




If you type get ntp 
followed by... 


the console will display... 


server [IP address] 


the NTP (Network Time Protocol) 
server address 


interval [#] 


interval for NTP 


Note: Interval number ranges from 0-24. 


get routes commands 




If you type get routes 
followed by... 


the console will display... 


gateway 


default gateway address 


all 


all routes (i.e., 1-16) 


: [route#route#] 


a range of routes from 1-16 


Set Commands 




The following tables categorize the set commands and their 
functions. 


If you type set followed 
by... 


the console will display... 


system 


system parameters 


Ian 


TCP/IP address information 


wan 


WAN parameters 


wireless 


details of your wireless configuration 


isdn 


ISDN parameters 


account 


information pertaining to your ISP, 
user, and remote LAN accounts 


routes 


static routing parameters 
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filters 


IP and generic filters profile data 


dhcp 


fixed- and dynamic-address 
assignment information 


nat 


NAT parameters 


radius 


information about the RADIUS server 


ntp 


NTP parameters 


term 


the terminal type (e.g., VT100) 


set system commands 




If you type set system 
followed hv 


the console will display... 


userna me 


the username of the ZoomAir 
AP128 system administrator 


devname 


the name of the device plus the 
first part of its MAC address 


contact 


the system administrator's name 


location 


the device location 


date 


current date 


time 


current time 


timezone 


time zone 


set Ian commands 




1 f \/n 1 1 h/n p cot 1 Ian 
ii yu u Lypc jcl iciii 

followed by... 


thp rorKolp will Hi^nlau 


ipeO 


TCP/IP stack parameters 


rip 


RIP parameters 


If you type set Ian rip 
followed by... 


the console will display... 


direction 


RIP direction status; e.g., in, out 
none, both 
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version 


RIP version status 


set wan commands 




If you type set wan 
followed by... 


the console will display... 


default 


default parameters for your WAN 


connect 


make the WAN connection 


disconnect 


terminate the WAN connection 


set wireless commands 




If you type set 
wireless followed by... 


the console will display... 


basic 


default wireless parameters 


advanced 


more detailed wireless configuration 
parameters 


security 


security parameters such as WEP settings 


set account commands 




it you type set account 
followed by... 


tne console win aispiay... 


isp Laccount namej 


Ijr dLLUUlll lillUi iTldUUll 


user Laccount namej 


oiai-m-user account inTormauon 


router [account 
name] 


remote LAN account information 


set routes commands 




If you type set routes 
followed by... 


the console will display... 


gateway 


default gateway address 


all 


all routes (i.e., 1-16) 
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:[route#route#] 


a range of routes from 1-16 


set filters commands 




If you type set filters 
followed by... 


the console will display... 


spoofer 


IP filter spoofer blocking 


■ W ^ m ■ if ■ ill 

in [profile #:rule #] 


IP input filter (e.g., 1:12) 


out [profile #:rule #] 


IP output filter (e.g., 1:12) 


webmanage 


WebM anage address and mask 
filter information 


setdhcp commands 




If you type setdhcp 
followed by... 


the console will display... 


fix [host #] 


fixed-address assignments 


dynamic 


dynamic-address assignments 


out 


IP output filter 


webmanage 


WebM anage address and mask 
filter information 


set nat commands 




If you type set nat 
followed by... 


the console will display... 


static [#] 


NAT static-IP mapping 


server 


NAT server mapping 


timeout 


NAT cache timeouts 


set ntp commands 




If you type set ntp 
followed by... 


the console will display... 


server [IP address] 


NTP server address 
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interval [#] 



NTP intervals 



For More Help 

For additional help and more command information, type help at 
the $ sign. 
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Appendix C 

IP Networking Basics 



What is TCP/IP? 

The TCP/ IP family of protocols is named after two of its most 
important members: Transmission Control Protocol and Internet 
Protocol. E ach protocol in the family controls a specific task 
relating to the transfer of data over the I nternet. Together these 
protocols manage a set of complex operations that the user— or 
even an application— thinks of simply as "sending mail" or 
"transferring a file." 

I P is responsible for the delivery of packets from one network to 
another. I P does not, however, guarantee that the packets arrive at 
their destination in any particular order or even intact. Those tasks 
fall under the purview of T C P . 

TCP breaks data into packets suitable for transmission across the 
I nternet. When the packets arrive at their destination, TCP verifies 
that they are intact and reconstructs the data in the proper order. 

TCP/IP includes several other critical protocols, such as File 
Transfer Protocol (FTP) and Simple Mail Transfer Protocol 
(SMTP). FTP uses TCP/ IP to let users to transfer files, whereas 
SM T P controls the transfer of mail messages among I P computers. 

TCP/IP was developed by the D epartment of Defense in the 
1970s for Unix computers. For the past 25 years, thousands of 
network researchers have collaborated under the auspices of the 
I nternet Activities Board to define network standards and solve 
internetworking problems. Vendors such as M icrosoft, Apple, and 
N ovell have developed interfaces to allow their software to use 
TCP/IP protocols for network communication. 
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IP Addressing 

Put simply, TCP/ 1 P works by addressing a packet with the unique 
address of its destination and then dispatching it over a network, 
where the destination node "listens" for packets with its address. 
E ach node on a network must have its own unique address. 




The figure above illustrates the principal of I P routing in a simple 
network. All the nodes on N etwork 1 can send packets to each 
other; for instance, N ode 1.1 can send directly to N ode 1.2. 

If a network consists of only a few dozen computers, they can send 
packets directly to each other using the I P address. But when 
multiple networks are connected together— such as N etwork 1 and 
N etwork 2 in the F igure above— you need a router or a gateway to 
transfer packets between the networks. If node 2.1 wants to send a 
packet to a network address it doesn't recognize— such as node 
1.4— it sends the packet to the router instead. 

The I nternet works under the same principle, except that the 
address length is 32 bits. A 32-bit I P address is usually broken 
down into 4 segments of 8 bits separated by periods (dotted- 
decimal notation). An I P address can be written in binary: 

11000110.01100001.01000101.00000101 
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It is more convenient, however, to express an address in decimal 
form: 

198.97.69.5 

There is a hierarchical organization inherent in this arrangement. I P 
addresses are divided into two segments. The network segment, 
which identifies the local network, is represented by the leftmost 
bits of the I P address. The host segment, which identifies a specific 
node on the network— a computer or a router— is represented by 
the rightmost bits of the address. When a node dispatches a packet 
via TCP/ 1 P, it compares the network segment of the destination 
address on the packet to its own network segment, like standing 
with a letter in your company's mailroom and deciding whether to 
drop the envelope into the box marked "I nteroffice" or the box 

If the network portion of the address on the packet is the same as 
the node's network address, the sending node can deliver the 
packet directly to the destination, just like your company mailroom 
delivers interoffice mail. If the sending node can't deliver the 
packet, it forwards it to a router on its network for handling, the 
same way that your company mailroom lets the U.S. Post Office 
handle its non-interoffice mail. 

Classes of IP Addresses 

The Internet N etwork Information Center (InterN IC) hands out 
several different types of network address ranges to organizations, 
depending on their size. A Class A network address uses only the 
first byte to identify the network, and the remaining three bytes to 
identify the node. The first node of a Class A address falls in the 
range 0-127. (Some numbers in this range are reserved.) For 
example, address 100.5.7.25 identifies node 5.7.25 on network 100. 
There are only 126 usable Class A addresses, but each will support 
a very large number of nodes. 

A Class B network address uses the first two bytes to identify the 
network and the last two bytes to identify the host. The first byte 
of a Class B network is a number in the range 128 - 191 (some are 
reserved). For example, address 145.200.26.14 identifies node 26.14 
on network 145.200. There are about 16,000 Class B addresses 
available, each of which may have about 16,000 hosts. 
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A Class C network address uses the first three bytes to identify the 
network, and the last byte to identify the host. The first byte of a 
Class C network is a number in the range 192 - 223. For example, 
address 198.97.64.101 identifies node 101 on network 198.97.64. 
There are about four million Class C addresses available, each with 
up to 253 host addresses. 

Two other classes of addresses occupy the remainder of the 
address space from 224 - 247: Class D (used for I P multicasting) 
and Class E (reserved for experimental use). 

I P networks use a netmask (also known as a subnet mask) to 
indicate which portion of the address is used for the network 
address and which portion is used for the host address. I n the 
mask, every bit that is dedicated to the network address is set to 
one; every bit dedicated to the host address is set to zero. The 
subnet masks for Class A, B, and C networks are shown below: 

C lass Subnet M ask for a N etwork 

with no Subnets 

A Binary: 8-bit 

11111111.00000000.00000000.00 net 

000000 mask 
Dotted Decimal: 255.0.0.0 

B Binary: 16-bit 

11111111.11111111.00000000.00 net 

000000 mask 
Dotted Decimal: 255.255.0.0 

C Binary: 24-bit 

11111111.11111111.11111111.00 net 

000000 mask 
Dotted Decimal: 255.255.255.0 



IP Subnetting 

D ividing I P address space into classes enables the construction of 
an efficient hierarchy of I nternet routers designed to direct packets 
to their destination organization. Likewise, I P subnetting allows 
network administrators to partition their own Class A, B, or C 
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address space in a similar way. Subnetting makes networks more 
manageable, reliable, and efficient. 

When a network is subnetted, some of the bits that would 
otherwise be used for host address information (the rightmost bits) 
are dedicated to subnet information. The netmask (or subnet mask) 
is revised so that all bits dedicated to network or subnet 
information contain a binary 1. Those bits that are to identify a 
host are set to a binary 0. 1 P networks that are physically connected 
together and share a single assigned network number will share a 
subnet mask. To configure subnets properly, you must be able to 
convert between binary and decimal notation. 

To know whether subnets are in use, you must know what subnet 
mask is being used; you cannot determine this information from an 
I P address. N etwork managers configure subnet mask information 
as part of the process of setting up I P routers and gateways. 

Example: Using Subnets on a Class C IP Internet 

For example, Acme Services, I nc. has a total of 100 I P hosts in five 
different buildings, each with its own network. The local I nternet 
service provider has assigned Acme a single Class C network 
number, 192.168.1.0. All of Acme's hosts will use IP addresses of 
the form 192.168.1.x, where x represents the eight bits that can be 
used for subnet information and host numbers. 

Step 1 is to decide how the final eight bits of the I P address should 
be divided between subnet information and host information. The 
following table shows how many subnets and how many hosts can 
be configured on a Class C network, depending on how many bits 
are allocated to subnet numbers. 



No. of Bits for 
Subnet N umber 


N o. of Subnets 
Possible 


N o. of H osts 
Possible on each 
Subset 


1 


0 


126 


2 


2 


62 


3 


6 


30 


4 


14 


M 


5 


30 


6 


6 


62 


2 
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7 


126 


0 


8 


254 


0 



Because binary host addresses or subnet addresses that are all 
zeroes or all ones are reserved for broadcasting, subnet masks that 
allocate 1, 7, or 8 bits to subnets are useless. For Acme, it is logical 
to use a subnet mask that allocates 5 bits for the host address and 3 
bits for the subnet address. This gives us a potential of six usable 
subnets of 30 machines each. (There are 30 host addresses available 
instead of 32 because the top and bottom addresses are reserved 
for broadcasting within the subnet.) 

Step 2 is to calculate the subnet mask. Since we are allocating the 3 
leftmost bits of the final byte for subnet information, Acme's 
subnet mask becomes 1111111.11111111.11111111.11100000 in 
binary notation. 



To translate this binary number to a decimal number, consult the 
table below. 



Bit No. 


8 


7 


6 


5 


4 


3 


2 


1 


Binary 


1 


1 


1 


0 


0 


0 


0 


0 


Value 


















Decimal 


128 


64 


32 


16 


8 


4 


2 


1 


Value 



















Adding the decimal values of the bits with a 1 in them 
(128+64+32) equals 224. The netmask is then 255.255.255.224. 



Step 3 is to calculate the legal subnet numbers for Acme's five 
networks. All the subnets begin with 192.168.1, and the first three 
bits of the final byte have been dedicated to subnet information. 
These three bits gives us eight possible numbers: 000, 001, 010, 
011, 100, 101, 110, and 111. Because 000 and 111 are reserved for 
broadcasting, we have six usable subnets: 001, 010, 011, 100, 101, 
and 110. The last five bits, reserved for host address information, 
are always zeros. Acme's six subnets written in binary and decimal 
form are listed below: 



Binary 


Decimal 


00100000 


32 
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01000000 


64 


01100000 


96 


10000000 


128 


10100000 


160 


11000000 


192 


The last step is to determine whic 


h host numbers are legal. 



Although we have reserved five bits for host information (00000 to 
11111 in binary notation), 00000 and 11111 are reserved for 
broadcasting; so valid host numbers are 00001 through 11110 in 
binary notation, or 1 through 30 in decimal notation. 



H ere's a summary of Acme's subnetting plan: 



Subnet 
N ame 


Subnet N o. 


Maximum 
N o. of H osts 


1 P Address 
Range 


Building 1 


32 


30 


192.168.1.33 - 
192.168.1.62 


Building 2 


64 


30 


192.168.1.65 - 
192.168.1.94 


Building 3 


96 


30 


192.168.1.97 - 
192.168.1.126 


Building 4 


128 


30 


192.168.1.129- 
192.168.1.158 


Building 5 


160 


30 


192.168.1.161- 
192.168.1.190 


Backbone 


192 


30 


192.168.1.193- 
192.168.1.222 



Broadcast Addresses 

The broadcast address is used by I P to propagate packets to all 
hosts connected directly to that network. While subnet and host 
addresses containing all zeros and all ones are both reserved for 
broadcasting, in practice, it is the address with all ones that is used 
for broadcasting. 
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I n an unsubnetted network, there is one broadcast address. For 
example, the broadcast address for the Class C network 207.67.12.0 
would be 207.67.12.255. 

I n a subnetted network, there are two levels of broadcasting 
addresses. First, there is the broadcast address that spans the entire 
network. Then, each subnet has its own broadcast address. When 
configuring an I P network interface f or the Z oomA ir A P 128, it is 
the latter subnet broadcast address that you should use. 



I n Acme's case, the six subnets have the following broadcast 
addresses: 



N etwork N umber 


B roadcast Addresses 


192.168.1.32 


192.168.1.63 


192.168.1.64 


192.168.1.95 


192.168.1.96 


192.168.1.127 


192.168.1.128 


192.168.1.159 


192.168.1.160 


192.168.1.191 


192.168.1.192 


192.168.1.223 



Network Time Protocol 

Network Time Protocol (NTP) servers, located on the Internet all 
over the world, supply the current time when requested. A Ithough 
the ZoomAir A P128 does not have an internal time-of-year clock, 
it has the ability to discover the date and time from an N T P server. 
The ZoomAir AP128 can then stamp each log and diagnostic 
message with a time and date. 

You can configure the ZoomAir AP128 with the IP address of an 
NTP server and indicate how often the NTP server should check 
the current time. If your organization has an N TP server, you 
should use the I P address of that server. I f not, a search of the web 
will provide you with a current list of available NTP servers. I n 
most cases, you should ask the manager of an NTP server before 
you use it. 
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Internet Service Providers 



There are several ways to get an I nternet address or a range of 
I nternet addresses. The easiest, fastest way is to contact an I nternet 
Service Provider (I SP). These organizations ordinarily act as 
brokers; an I SP may have an entire Class B or Class C address from 
which it "leases" (assigns) I P addresses or ranges of addresses to 
clients for a monthly fee. 

There are other ways to obtain an official I P address. Perhaps the 
best place to start is T he Internet Corporation for Assigned Names 
and N umbers at www.icann.org. I CA N N , a non-profit 
corporation, was formed to assume responsibility for the I P 
address space allocation, protocol parameter assignment, domain 
name system management, and root server system management 
functions now performed under U .S. G overnment contract by 
I A N A (I nternet A ssigned N umbers A uthority), and other entities. 
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Appendix D 

Filter Rule Examples 



This A ppendix supplements the instructions described in the main 
part of the manual in the Filtering section beginning on page 95. 

Remember, when setting up filter rules, it is critical to keep these 
points in mind: 

• The order of the rules is key. Rules are applied to packets in 
the order in which they are stored. If the earliest rule for a 
packet is configured to allow the packet, that packet is allowed 
regardless of later rules. Conversely, if the earliest rule for a 
packet is configured to block the packet, that packet is blocked 
regardless of later rules. 

• I f a packet does not satisfy any rule, it is allowed. This is a 
form of positive filtering. To implement negative filtering 
configure the last rule to block out all packets. 

• Addresses can only be specified in dotted decimal notation: 4 
fields, 8 bits each (numbers 0 to 255). For example: 197.34.5.0. 

Examples 

The examples on the following pages are provided for illustration 
purposes only. They demonstrate how to implement the I P and 
generic filter mechanisms for several common services. Your actual 
use of filter rules will depend entirely on your needs and network 
configuration. 
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How to Customize Filter Rules 

Relying on the following examples, you can set up your own I P and 
generic filters. Your source and destination addresses, and masks 
will be different but source and destination ports, protocol, and 
action fields will be the same. 

I ncluded here is a quick reference for some common ports and 
protocols: 

Port Process Protocol Description 
Number Name 



21 


FTP 


TCP 


File Transfer Protocol 


23 


Telnet 


TCP 


Telnet 


25 


SMTP 


TCP 


Simple Mail Transfer Protocol 


37 


Time 


TCP 


Time 


53 


Domain 


UDP 


Domain N ame Server (DNS) 


80 


HTTP 


TCP 


Hypertext Transfer Protocol 


109 


PO P2 


TCP 


Post Office Protocol v2 


110 


PO P3 


TCP 


Post Office Protocol v3 


119 


NNTP 


TCP 


N etwork N ews Transfer Protocol 


123 


NTP 


UDP 


Network Time Protocol 



Tip: For additional information on ports and protocols, visit 
www.sockets.com/ services.htm. 
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IP Filtering for SMTP (on the Internet) 

The purpose of this IP filter is to allow SMTP traffic between the 
SM T P server on the I nternet (128.128.128.64) to anyone on the 
LAN (192.168.64.0). 

Input Rule: 





Rule No. 1 


Src. Addr. 


128.128.128.64 


Src. Mask 


255.255.255.255 


Src. Port 


25 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


SMTP outbound 
mail; incoming 
packets 


Output Rule: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.64 


Dst. Mask 


255.255.255.255 


Dst. Port 


25 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


SMTP outbound 
mail; outgoing 
packets 
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IP Filtering for SMTP (on the LAN) 

The purpose of this I P filter is to allow traffic from the I nternet 
(0.0.0.0) to the SMTP server (192.168.64.5) on the LAN . 

Input Rules: 





Rule No. 1 


Rule No. 2 


Src. Addr. 


0.0.0.0 


0.0.0.0 


Src. Mask 


0.0.0.0 


0.0.0.0 


Src. Port 


1024-65535 


25 


Dst. Addr. 


192.168.64.5 


192.168.64.5 


Dst. Mask 


255.255.255.255 


255.255.255.255 


Dst. Port 


25 


1024-65535 


IP Prot. 


6 


6 


TCP Estab. 


No 


Yes 


Action 


Allow 


Allow 


Comment 


SMTP inbound 
mail; incoming 
packets 


SMTP outbound 
mail; incoming 
packets 


Output Rules: 




Rule No. 1 


Rule No. 2 


Src. Addr. 


192.168.64.5 


192.168.64.5 


Src. Mask 


255.255.255.255 


255.255.255.255 


Src. Port 


25 


1024-65535 


Dst. Addr. 


0.0.0.0 


0.0.0.0 


Dst. Mask 


0.0.0.0 


0.0.0.0 


Dst. Port 


1024-65535 


25 


IP Prot. 


6 


6 


TCP Estab. 


Yes 


No 


Action 


Allow 


Allow 


Comment 


SMTP inbound 
mail; outgoing 
packets 


SMTP outbound 
mail; outgoing 
packets 
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IP Filtering for PO P3 (on the LAN) 

These two I P filters allow anyone on the remote network (10.0.0.0) 
access to the PO P3 server on the LA N (192.168.64.5). 

Input Rules: 





Rule No. 1 


Rule No. 2 


Src. Addr. 


10.0.0.0 


10.0.0.0 


Src. Mask 


255.0.0.0 


255.0.0.0 


Src. Port 


1024-65535 


110 


Dst. Addr. 


192.168.64.5 


192.168.64.5 


Dst. Mask 


255.255.255.255 


255.255.255.255 


Dst. Port 


110 


1024-65535 


IP Prot. 


6 


6 


TCP Estab. 


No 


Yes 


Action 


Allow 


Allow 


Comment 


POP3 client to 
server; incoming 
packets 


POP3 server to 
client; incoming 
packets 


Output Rules: 




Rule No. 1 


Rule No. 2 


Src. Addr. 


192.168.64.5 


192.168.64.5 


Src. Mask 


255.255.255.255 


255.255.255.255 


Src. Port 


110 


1024-65535 


Dst. Addr. 


10.0.0.0 


10.0.0.0 


Dst. Mask 


255.0.0.0 


255.0.0.0 


Dst. Port 


1024-65535 


110 


IP Prot. 


6 


6 


TCP Estab. 


Yes 


No 


Action 


Allow 


Allow 


Comment 


POP3 server to 
client; outgoing 
packets 


POP3 client to 
server; outgoing 
packets 
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IP Filtering for PO P3 (on the Internet) 

These rules allow anyone on the LAN (192.168.64.0) access to the 
PO P3 server on the I nternet (128.128.128.64). 

Input Rule: 





Rule No. 1 


Src. Addr. 


128.128.128.64 


Src. Mask 


255.255.255.255 


Src. Port 


110 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


POP3 server to 
client; incoming 
packets 


Output Rule: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.64 


Dst. Mask 


255.255.255.255 


Dst. Port 


110 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


POP3 client to 
server; outgoing 
packets 
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IP Filtering for Telnet 

Rule N o. 1 (I nput and 0 utput) allows anyone from the I nternet 
(0.0.0.0) access to hosts (192.168.64.8-192.168.64.15) using Telnet. 
Rule N o. 2 (I nput and 0 utput) allows anyone from the LA N 
(192.168.64.0) access to the I nternet (0.0.0.0) using Telnet. 

I nput Rules: 





Rule No. 1 


Rule No. 2 


Src. Addr. 


0.0.0.0 


0.0.0.0 


Src. Mask 


0.0.0.0 


0.0.0.0 


Src. Port 


1024-65535 


23 


Dst. Addr. 


192.168.64.8 


192.168.64.8 


Dst. Mask 


255.255.255.248 


255.255.255.248 


Dst. Port 


23 


1024-65535 


IP Prot. 


6 


6 


TCP Estab. 


No 


Yes 


Action 


Allow 


Allow 


Comment 


Telnet; incoming 
client to server 


Telnet; incoming 
server to client 


Output Rules: 




Rule No. 1 


Rule No. 2 


Src. Addr. 


192.168.64.8 


192.168.64.8 


Src. Mask 


255.255.255.248 


255.255.255.248 


Src. Port 


23 


1024-65535 


Dst. Addr. 


0.0.0.0 


0.0.0.0 


Dst. Mask 


0.0.0.0 


0.0.0.0 


Dst. Port 


1024-65535 


23 


IP Prot. 


6 


6 


TCP Estab. 


Yes 


No 


Action 


Allow 


Allow 


Comment 


Telnet; outgoing 
packets, server to 
client 


Telnet; outgoing 
packets, server to 
client 
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IP Filtering for N NTP 

The purpose of this I P filter is to allow traffic between the N N TP 
server on the I nternet (128.128.128.65) to anyone on the LAN 
(192.168.64.0). 

Input Rule: 





Rule No. 1 


Src. Addr. 


128.128.128.65 


Src. Mask 


255.255.255.255 


Src. Port 


119 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


NNTP incoming 
packets 


Output Rule: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.65 


Dst. Mask 


255.255.255.255 


Dst. Port 


119 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


NNTP outgoing 
packets 



142 



Installation G uide: ZoomAirAP128 



IP Filtering for FTP 

FTP requires a few more rules than the other services because it 
uses two separate TCP ports (connections): One port carries 
commands and acknowledgments between your computer and the 
server, the other carries the actual data. There are two types of FTP 
modes: normal and passive. 

When you initiate an FTP session in normal mode: 

• Your computer opens a command connection to the server, 
then sends the server the TCP port number it reserved for a 
TCP data connection. 

• The server sends an acknowledge packet. 

• The server opens a data connection to your second port. 

• Y our computer sends an acknowledge packet. 
When you initial an FTP session in passive mode: 

• Y our computer opens a command channel to the server 
requesting passive mode. 

• The server allocates a TCP port for the data connection and 
tells your computer the port number. 

• Your computer opens the data port on the server. 

• The server sends an acknowledge packet. 

Because your computer opens a data channel from its side during 
passive mode, this is considered to be a safer connection. H owever 
because both normal and passive connections are common, you 
will probably want to create filters for both types. 



Note: M ost Web browsers only utilize the passive mode. 
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IP Filtering for 0 utgoing FTP 

The purpose of this IP filter is to allow anyone on the LAN 
(192.168.64.0) to request FTP access through the I nternet (0.0.0.0). 

N ormal M ode I nput Rules: 





Rule No. 1 


Rule No. 2 


Src. Addr. 


0.0.0.0 


0.0.0.0 


Src. Mask 


0.0.0.0 


0.0.0.0 


Src. Port 


21 


20 


Dst. Addr. 


192.168.64.0 


192.168.64.0 


Dst. Mask 


255.255.255.0 


255.255.255.0 


Dst. Port 


1024-65535 


1024-65535 


IP Prot. 


6 


6 


TCP Estab. 


Yes 


No 


Action 


Allow 


Allow 


Comment 


Response to 
request 


Data connection 
create, normal 
mode 


N ormal Mode Output Rules: 




Rule No. 1 


Rule No. 2 


Src. Addr. 


192.168.64.0 


192.168.64.0 


Src. Mask 


255.255.255.0 


255.255.255.0 


Src. Port 


1024-65535 


1024-65535 


Dst. Addr. 


0.0.0.0 


0.0.0.0 


Dst. Mask 


0.0.0.0 


0.0.0.0 


Dst. Port 


21 


20 


IP Prot. 


6 


6 


TCP Estab. 


No 


Yes 


Action 


Allow 


Allow 


Comment 


Outgoing FTP 
request 


Data connection 
incoming traffic, 
normal mode 
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If using the passive mode, replace Rule N o. 2 below (Input and 
0 utput) for Rule N o. 2 in the tables above. 

Passive M ode I nput Rule: 





Rule No. 2 


Src. Addr. 


192.168,64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


0.0.0.0 


Dst. Mask 


0.0.0.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


Data connection 
create, passive 
mode 


Passive M ode 0 utput Rule: 




Rule No. 2 


Src. Addr. 


0.0.0.0 


Src. Mask 


0.0.0.0 


Src. Port 


1024-65535 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


Data connection 
response, passive 
mode 
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IP Filtering for Incoming FTP 

The purpose of this I P filter is to allow anyone outside (0.0.0.0) 
access to the FTP server (192.168.64.7) on the LAN . 

N ormal M ode I nput Rules: 





Rule No. 1 


Rule No. 2 


Src. Addr. 


0.0.0.0 


0.0.0.0 


Src. Mask 


0.0.0.0 


0.0.0.0 


Src. Port 


1024-65535 


1024-65535 


Dst. Addr. 


192.168.64.7 


192.168.64.7 


Dst. Mask 


255.255.255.255 


255.255.255.255 


Dst. Port 


21 


20 


IP Prot. 


6 


6 


TCP Estab. 


No 


Yes 


Action 


Allow 


Allow 


Comment 


Incoming FTP 
request 


Data channel 
response, normal 
mode 


N ormal Mode Output Rules: 




Rule No. 1 


Rule No. 2 


Src. Addr. 


192.168.64.7 


192.168.64.7 


Src. Mask 


255.255.255.255 


255.255.255.255 


Src. Port 


21 


20 


Dst. Addr. 


0.0.0.0 


0.0.0.0 


Dst. Mask 


0.0.0.0 


0.0.0.0 


Dst. Port 


1024-65535 


1024-65535 


IP Prot. 


6 


6 


TCP Estab. 


Yes 


No 


Action 


Allow 


Allow 


Comment 


Data channel 
create, normal 
mode 


Response to 
incoming FTP 
request 
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If using the passive mode, replace Rule N o. 2 below (Input and 
0 utput) for Rule N o. 2 in the tables above. 

Input Rule: 





Rule No. 2 


Src. Addr. 


0.0.0,0 


Src. Mask 


0.0.0.0 


Src. Port 


1024-65535 


Dst. Addr. 


192.168.64.7 


Dst. Mask 


255.255.255.255 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


Data channel 
create, passive 
mode 


Output Rule: 




Rule No. 2 


Src. Addr. 


192.168.64.7 


Src. Mask 


255.255.255.255 


Src. Port 


1024-65535 


Dst. Addr. 


0.0.0.0 


Dst. Mask 


0.0.0.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


Data channel 
response, passive 
mode 
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IP Filtering for DNS 0 utgoing Requests 

The purpose of this IP filter is to allow anyone on the LAN 
(192.168.64.0) access to D N S (128.128.128.66). 

Input Rule for U DP: 





Rule No. 1 


Src. Addr. 


128.128.128.66 


Src. Mask 


255.255.255.255 


Src. Port 


53 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


17 


TCP Estab. 


No 


Action 


Allow 


Comment 


DNS response by 
UDP 


Output Rule for U DP: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.66 


Dst. Mask 


255.255.255.255 


Dst. Port 


53 


IP Prot. 


17 


TCP Estab. 


No 


Action 


Allow 


Comment 


Outgoing DNS 
query by UDP 
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InputRuleforTCP: 





Rule No 1 


Src. Addr. 


128.128.128.66 


Src. Mask 


255.255.255.255 


Src. Port 


53 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


1024-65535 


IP Prot. 


6 


TCP Estab. 


Yes 


Action 


Allow 


Comment 


DNS response by 
TCP 


Output Rule for TCP: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.66 


Dst. Mask 


255.255.255.255 


Dst. Port 


53 


IP Prot. 


6 


TCP Estab. 


No 


Action 


Allow 


Comment 


Outgoing DNS 
query by TCP 
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IP Filtering for NTP 

The purpose of this filter is to only allow an NTP connection 
between the access point (192.168.64.1) and the NTP server 
(128.128.128.67) on the Internet. 

Input Rule: 





Rule No. 1 


Src. Addr. 


128.128.128.67 


Src. Mask 


255.255.255.255 


Src. Port 


123 


Dst. Addr. 


192.168.64.1 


Dst. Mask 


255.255.255.255 


Dst. Port 


1024-65535 


IP Prot. 


17 


TCP Estab. 


No 


Action 


Allow 


Comment 


Incoming NTP 
requests 


Output Rule: 




Rule No. 1 


Src. Addr. 


192.168.64.1 


Src. Mask 


255.255.255.255 


Src. Port 


1024-65535 


Dst. Addr. 


128.128.128.67 


Dst. Mask 


255.255.255.255 


Dst. Port 


123 


IP Prot. 


17 


TCP Estab. 


No 


Action 


Allow 


Comment 


Outgoing NTP 
requests 



150 



Installation G uide: ZoomAirAP128 



IP Filtering for Remote Access 

This I P filter allows anyone from a dial-in PC (192.168.64.20) 
access to the LAN (192.168.64.0). 

Input Rule: 





Rule No. 1 


Src. Addr. 


192.168.64.20 


Src. Mask 


255.255.255.0 


Src. Port 


0 


Dst. Addr. 


192.168.64.0 


Dst. Mask 


255.255.255.0 


Dst. Port 


0 


IP Prot. 


0 


TCP Estab. 


No 


Action 


Allow 


Comment 


Allows dial-in PC 
packets 


Output Rule: 




Rule No. 1 


Src. Addr. 


192.168.64.0 


Src. Mask 


255.255.255.0 


Src. Port 


0 


Dst. Addr. 


192.168.64.20 


Dst. Mask 


255.255.255.255 


Dst. Port 


0 


IP Prot. 


0 


TCP Estab. 


No 


Action 


Allow 


Comment 


Allows packets to 
dial-in PC 
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IP Filtering Final Rule 

This filter blocks all packets not explicitly allowed. 
Input or Output Rule: 





rvuie imo. J. 


Src. Addr. 


0.0.0.0 


Src. Mask 


0.0.0.0 


Src. Port 


0 


Dst. Addr. 


0.0.0.0 


Dst. Mask 


0.0.0.0 


Dst. Port 


0 


IP Prot. 


0 


TCP Estab. 


No 


Action 


Block 


Comment 


Blocks all packets 



Generic Filtering for MAC Addresses 

This generic filter blocks incoming packets with destination MAC 
addresses of 00803E 640152. 

Input Rule 





Rule No. 1 


Offset 


6 


Length 


6 


Mask 


rrrrrrrrrrrr 


Value 


00803E640152 


Action 


Block 
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Generic Filtering forAARP Packets 

This generic filter drops outgoing A ppleTalk Address Resolution 
(AARP) packets that contain the protocol type 0x80f3. 

Output Rule: 





Rule No. 1 


Offset 


14 


Length 


8 


Mask 


rrrrrrrrrrrrrrrr 


Value 


aaaa030000080f3 


Action 


Block 



Generic Filtering for Netware Packets 

This generic filter blocks outgoing N ovell N etware packets. 

Output Rule: 





Rule No. 1 


Offset 


14 


Length 


3 


Mask 


rrrrrr 


Value 


E0e003 


Action 


Block 
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Appendix E 

Regulatory Information 



FCC Part 15 Emissions Statement 

This equipment has been tested and found to comply with the 
limits for a Class B digital device, pursuant to part 15 of the FCC 
Rules. These limits are designed to provide reasonable protection 
against harmful interference in a residential installation. This 
equipment generates, uses and can radiate radio frequency and, if 
not installed and used in accordance with the instructions, may 
cause harmful interference to radio communications. 

H owever, there is no guarantee that interference will not occur in a 
particular installation. I f this equipment does cause harmful 
interference to radio or television reception, which can be 
determined by turning the equipment off and on, the user is 
encouraged to try to correct the interference by one or more of the 
following measures: 

• Reorient or relocate the receiving antenna. 

• I ncrease the separation between the equipment and receiver. 

• Connect the equipment into an outlet on a circuit different 
from that to which the receiver is connected. 

• Consult the dealer or an experienced radio/ TV technician for 
help. 

FCC Part 68 Statement 

This equipment complies with Part 68 of the FCC rules. The unit 
bears a label which contains the FCC registration number and 
Ringer E quivalence N umber (RE N ). If requested, this information 
must be provided to the telephone company. 
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This equipment uses the following standard jack types for network 
connection: RJ11C. 

This equipment contains an FCC-compliant modular jack. It is 
designed to be connected to the telephone network or premises 
wiring using compatible modular plugs and cabling which comply 
with the requirements of FCC Part 68 rules. 

The Ringer Equivalence N umber, or REN , is used to determine 
the number of devices that may be connected to the telephone line. 
An excessive REN may cause the equipment to not ring in 
response to an incoming call. I n most areas, the sum of the RE N s 
of all equipment on a line should not exceed five (5.0). 

I n the unlikely event that this equipment causes harm to the 
telephone network, the telephone company can temporarily 
disconnect your service. The telephone company will try to warn 
you in advance of any such disconnection, but if advance notice 
isn't practical, it may disconnect the service first and notify you as 
soon as possible afterwards. I n the event such a disconnection is 
deemed necessary, you will be advised of your right to file a 
complaint with the FCC. 

From time to time, the telephone company may make changes in 
its facilities, equipment, or operations that could affect the 
operation of this equipment. I f this occurs, the telephone company 
is required to provide you with advance notice so you can make the 
modifications necessary to obtain uninterrupted service. 

U.S. REPAIR CENTER INFORMATION: 

Zoom Telephonies, Inc. 
645 Summer Street 
Boston, MA 02210 
USA 

Telephone N umber: (617) 423 1072 
Facsimile N umber: (617) 542 8276 

There are no user serviceable components within this equipment. 

It shall be unlawful for any person within the U nited States to use a 
computer or other electronic device to send any message via a 
telephone facsimile unless such message clearly contains, in a 
margin at the top or bottom of each transmitted page or on the 
first page of the transmission, the date and time it is sent and an 
identification of the business, other entity, or individual sending the 
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message and the telephone number of the sending machine or of 
such business, other entity, or individual. The telephone number 
provided may not be a 900 number or any other number for which 
charges exceed local or long distance transmission charges. 
Telephone facsimile machines manufactured on and after 
December 20, 1992, must clearly mark such identifying information 
on each transmitted message. Facsimile modem boards 
manufactured on and after D ecember 13, 1995, must comply with 
the requirements of this section. 

This equipment cannot be used on public coin phone service 
provided by the telephone company. Connection to Party Line 
Service is subject to state tariffs. Contact your state public utility 
commission, public service commission, or corporation 
commission for more information. 

Industry Canada CS03 Statement 

N otice: The I ndustry Canada label identifies certified equipment. 
This certification means that the equipment meets 
telecommunications network protective, operational and safety 
requirements as prescribed in the appropriate Terminal Equipment 
Technical Requirements document(s). The D epartment does not 
guarantee the equipment will operate to the user's satisfaction. 

Before installing the equipment, users should ensure that it is 
permissible to be connected to the facilities of the local 
telecommunications company. The equipment must also be 
installed using an acceptable method of concern. The customer 
should be aware that compliance with the above conditions may 
not prevent degradation of service in some situations. 

Repairs to certified equipment should be coordinated by a 
representative designated by the supplier. Any repairs or alterations 
made by the user to this equipment, or equipment malfunctions, 
may give the telecommunications company cause to request the 
user to disconnect the equipment. 

Users should ensure for their own protection that the electrical 
ground connections of the power utility, telephone lines and 
internal metallic water pipe system, if present, are connected 
together. This precaution may be particularly important in rural 
areas. Caution: U sers should not attempt to make such 
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connections themselves, but should contact the appropriate electric 
inspection authority, or electrician, as appropriate. 

Notice: The Ringer Equivalence N umber (REN ) assigned to each 
terminal device provides an indication of the maximum number of 
terminals allowed to be connected to a telephone interface. The 
termination on an interface may consist of any combination of 
devices subject only to the requirement that the sum of the Ringer 
E quivalence N umbers of all the devices does not exceed 5. 

Industry Canada Emissions Statement 

This Class B digital apparatus meets all requirements of the 
Canadian Interference-Causing Equipment Regulations. 

Cet appareil numerique de la classe B respecte toutes les exigences 
du Reglement sur le materiel brouilleur du Canada. 
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